Information Disclosure in Sitecore JSS React Sample Application
CVE-2020-36850

8.7HIGH

Key Information:

Vendor

Sitecore

Status
Jss React Sample Application
Vendor
CVE Published:
25 July 2025

What is CVE-2020-36850?

An information disclosure flaw exists in the Sitecore JSS React Sample Application (versions 11.0.0 to 14.0.1) where sensitive page content intended for one user may inadvertently be displayed to another user. This vulnerability could potentially allow unauthorized access to user-specific data, thereby compromising user privacy and information security. Sitecore has provided patches to mitigate this risk, and immediate updates are recommended to ensure system integrity.

Affected Version(s)

JSS React Sample Application 11.0.0 <= 14.0.1

References

https://support.sitecore.com/kb?id=kb_article_view&syspar...
vendor-advisorypatch
https://support.sitecore.com/kb?id=kb_article_view&syspar...
vendor-advisorypatch
https://www.vulncheck.com/advisories/sitecore-jss-react-s...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sitecore
.
CVE-2020-36850 : Information Disclosure in Sitecore JSS React Sample Application