Security Advisory

CVE-2025-58442

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-09 19:46:45

Last updated 2025-09-10 13:50:40

Assigner GitHub_M

State PUBLISHED

Description

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.

← Browse all CVEs View on cve.org ↗