CVE-2021-32712

Published: Jun 24, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.

Affected (1)

Products: Shopware: Shopware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shopware Shopware	From 5.0.0 to 5.6.10

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (6)

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021

Source: security-advisories@github.com

Vendor Advisory

https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p

Source: security-advisories@github.com

Third Party Advisory

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.