CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
divantestorefront-api
1.0:rc1
divantevue-storefront-api
𝑥
≤ 1.11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/DivanteLtd/storefront-api/pull/59
https://github.com/DivanteLtd/vue-storefront-api/pull/431
https://github.com/DivanteLtd/storefront-api/pull/59
https://github.com/DivanteLtd/vue-storefront-api/pull/431