CVE-2025-58442

EPSS 0.04%
Veröffentlicht 09.09.2025 19:46:45
Zuletzt bearbeitet 11.09.2025 17:14:25
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellersaleor

≫

Produkt saleor

Version >= 3.21.0, < 3.21.16

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.129

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5

https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95

https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb

https://github.com/saleor/saleor/releases/tag/3.21.16

https://nvd.nist.gov/vuln/detail/CVE-2025-58442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58442

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-58442