An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xOTdjLTJtaDMtcGd3Oc4AA0IK
Shopware dependency configuration exposed
Due to a wrong configuration in the
themes/package-lock.json). With this information, the used Shopware version might be determined by an attacker, which could be used for further attacks.
We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the release page. https://github.com/shopware5/shopware/releases/tag/v5.7.18
For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
Source: GitHub Advisory Database
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-q97c-2mh3-pgw9, CVE-2023-34098
Fixed in: 5.7.18