5.3
CVE-2021-32712
- EPSS 1.14%
- Veröffentlicht 24.06.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:34
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginInformation leakage in Error Handler
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.623 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021
https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d
https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p