CNNVD-202601-4283 Information

CNNVD ID

CNNVD-202601-4283

CVE-2026-24136

  • CNNVD Published: 2026-01-24

Description

Saleor is open-source interface software from Saleor Commerce. Saleor versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44, and 3.22.0-a.0 through 3.22.28 contain a security vulnerability that stems from an insecure direct object reference and may allow unauthenticated actors to extract sensitive information in plaintext.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Saleor Commerce

Published

2026-01-24

Last Modified

2026-02-24

References

  • https://github.com/saleor/saleor/commit/718ce1b4fc3aef68eeac1aea0cf1d70a614ba6af
  • https://github.com/saleor/saleor/commit/aeaced8acb5e01055eddec584263f77e517d5944
  • https://github.com/saleor/saleor/security/advisories/GHSA-r6fj-f4r9-36gr
  • https://github.com/saleor/saleor/commit/9bcd4f9000b189297eeb3ac88cc28c6c30229153
  • https://github.com/saleor/saleor/commit/5dab1857fbb2801f74e2bfe86f307e4590d9d2fa
  • https://access.redhat.com/security/cve/cve-2026-24136

Patch

https://saleor.io/
