CVE-2020-11883
published 2020-04-17CVE-2020-11883: In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception…
PriorityP336medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
15.15%
96.3th percentile
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| divante | storefront-api | — | — |
| divante | storefront-api | >= 0 < 1.0.0-rc3 | 1.0.0-rc3 |
| divante | vue-storefront-api | <= 1.11.1 | — |
| divante | vue-storefront-api | >= 0 < 1.12.0 | 1.12.0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Diavante vue-storefront-api and storefront-api disclose stack trace
osv·2022-05-24
CVE-2020-11883 [MEDIUM] Diavante vue-storefront-api and storefront-api disclose stack trace
Diavante vue-storefront-api and storefront-api disclose stack trace
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
GHSA
Diavante vue-storefront-api and storefront-api disclose stack trace
ghsa·2022-05-24
CVE-2020-11883 [MEDIUM] CWE-200 Diavante vue-storefront-api and storefront-api disclose stack trace
Diavante vue-storefront-api and storefront-api disclose stack trace
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-17
Published