An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yNHBoLW14NjcteDU4cM4AAleY

Severity: High
EPSS: 0.01045% (0.76594 Percentile)

Shopware database password is leaked to an unauthenticated user

Affected Packages

Package: packagist:shopware/platform
Affected Versions: >= 6.0.0, < 6.2.3
Fixed Versions: 6.2.3
6 Dependent packages
38 Dependent repositories
1,391,913 Downloads total

Affected Version Ranges

All affected versions

6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2

All unaffected versions

5.3.1, 6.2.3

Package: packagist:shopware/core
Affected Versions: >= 6.0.0, < 6.2.3
Fixed Versions: 6.2.3
216 Dependent packages
298 Dependent repositories
4,226,487 Downloads total

Affected Version Ranges

All affected versions

6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2

All unaffected versions

6.2.3

In Shopware 6 before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. This vulnerability does not affect the Shopware 5 release branch (shopware/shopware on Packagist).
