Error Stack Trace Disclosure in Divante Vue Storefront API

Error Stack Trace Disclosure in Divante Vue Storefront API

CVE-2020-11883 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.

Learn more about our Api Penetration Testing.