CVE-2020-11883: Generation of Error Message Containing Sensitive Information
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
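The pattern behind this advisory, as an added example that is not code from vue-storefront-api or storefront-api: an error response that serializes the stack trace, beside a hardened one, plus a check that flags stack frames, absolute file paths and `node_modules` references in a response body. The function names, response shape, error id and sample stack trace are all constructed for illustration.

```javascript
// Added illustration; names and response shape are hypothetical.

// Constructed sample: an error like one raised while parsing a malformed request body.
function constructedError() {
  const err = new Error('Unexpected token } in JSON at position 12');
  err.status = 400;
  err.stack = [
    'SyntaxError: Unexpected token } in JSON at position 12',
    '    at JSON.parse (<anonymous>)',
    '    at parse (/srv/shop/api/node_modules/body-parser/lib/types/json.js:89:19)',
    '    at /srv/shop/api/src/index.js:42:7',
  ].join('\n');
  return err;
}

// Vulnerable pattern: the exception's stack trace is serialized into the response.
function leakyErrorResponse(err) {
  return { status: 500, body: JSON.stringify({ code: 500, result: err.stack }) };
}

// Hardened pattern: full details go to the server log under an id;
// the client gets a generic message and the id only.
function safeErrorResponse(err, errorId, log = console.error) {
  log(`[${errorId}] ${err.stack}`);
  const status = err.status >= 400 && err.status < 500 ? err.status : 500;
  const result = status === 500 ? 'Internal server error' : 'Bad request';
  return { status, body: JSON.stringify({ code: status, result, errorId }) };
}

// Response check for tests or an egress filter: V8 stack frames,
// absolute paths to script files, and node_modules references.
const LEAK_PATTERNS = {
  stackFrame: /\bat [^\n]*?(?:\/|[A-Za-z]:\\)[^\s)]+:\d+:\d+/,
  modulePath: /node_modules[\/\\]/,
  scriptPath: /(?:\/|[A-Za-z]:\\)[^\s"']+\.(?:js|ts|mjs|cjs):\d+/,
};

// Returns the names of the patterns that match the response body.
function findStackLeaks(body) {
  return Object.keys(LEAK_PATTERNS).filter((name) => LEAK_PATTERNS[name].test(body));
}

const sample = constructedError();
console.log(findStackLeaks(leakyErrorResponse(sample).body));
console.log(findStackLeaks(safeErrorResponse(sample, 'req-0001', () => {}).body));
```

Running `findStackLeaks` over responses to malformed requests in an integration test gives a regression check for this class of disclosure after upgrading.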
References
- github.com/DivanteLtd/storefront-api/pull/59
- github.com/DivanteLtd/vue-storefront-api/pull/431
- github.com/advisories/GHSA-9wxj-37p8-49ff
- github.com/vuestorefront/storefront-api/pull/59/commits/9165b80c72b469c9615ce2f665499e6f6ead0a6a
- github.com/vuestorefront/vue-storefront-api/pull/431/commits/965247f41f872e84e4662d04d8e2108eaf6119da
- nvd.nist.gov/vuln/detail/CVE-2020-11883