CVE-2021-37707

Published: Aug 16, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Affected (1)

Products: Shopware: Shopware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shopware Shopware	From 6.1.0 to 6.4.3.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf

Source: security-advisories@github.com

Third Party Advisory

https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.