CNNVD-202601-3341 Information
CNNVD ID
CNNVD-202601-3341
Related CVE
- CNNVD Published: 2026-01-21
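Description (translated from Chinese)
Saleor is open-source interface software from Saleor Commerce. Saleor versions from 3.0.0 up to but not including 3.20.108, versions before 3.21.43, and versions before 3.22.27 contain a code issue vulnerability. The vulnerability stems from allowing authenticated staff users or apps to upload arbitrary files, which may lead to malicious scripts being executed in the user's browser environment.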
Description (English)
Saleor is open-source interface software from Saleor Commerce. A code issue vulnerability exists in Saleor versions 3.0.0 up to but not including 3.20.108, versions before 3.21.43, and versions before 3.22.27. It stems from allowing an authenticated staff user or app to upload arbitrary files, which may lead to malicious scripts being executed in the user's browser environment.
Hazard Level
Low
Vulnerability Type
Code Issue
Affected Vendor
Saleor Commerce
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/saleor/saleor/commit/9110eba68c3f73afa1f72b45bd9b1394c752d335
https://github.com/saleor/saleor/commit/ac6936a336289c77398ef600cad3498ad4ba261c
https://github.com/saleor/saleor/commit/7d33efc7a06252320cd51cbb20c2e308aed2fd10
https://docs.saleor.io/security/#restricted-file-uploads
https://github.com/saleor/saleor/commit/77f7927a0db9a216440df92c51012136f13e1d99
https://github.com/saleor/saleor/security/advisories/GHSA-666h-2p49-pg95
https://github.com/saleor/saleor/commit/b3cb27b3fe96dae3c879063e56d32a9398eabd24
https://access.redhat.com/security/cve/cve-2026-23499
Patch
https://github.com/saleor/saleor/releases