CVE-2020-11883

EUVD-2022-3460
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
divantestorefront-api
1.0:rc1
divantevue-storefront-api
𝑥
≤ 1.11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/DivanteLtd/storefront-api/pull/59
https://github.com/DivanteLtd/vue-storefront-api/pull/431
https://github.com/DivanteLtd/storefront-api/pull/59
https://github.com/DivanteLtd/vue-storefront-api/pull/431