Primary

Context

Divante Vue Storefront API and Storefront API Stack Trace Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in Divante vue-storefront-api versions through 1.11.1 and in storefront-api versions through 1.0-rc.1. When unexpected HTTP requests are received, the applications respond with an exception that reveals the error stack trace, including absolute file paths and Node.js module names. This issue was merged into the develop branch of both repositories.

Impact

Exploitation of this vulnerability leads to the unintentional disclosure of sensitive information, including file paths and module names, which could aid an attacker in further exploiting the application.

Added: May 15, 2026, 8:52 AM

Updated: May 15, 2026, 8:52 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.9

remediation

7.7

relevance

0.0

threat

6.5

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.9

remediation

7.7

relevance

0.0

threat

6.5

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Divante Vue Storefront API and Storefront API Stack Trace Disclosure Vulnerability

Vulnerability

Impact

Affected Products

Divante vue-storefront-api

Divante storefront-api

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating