Описание
Shopware database password is leaked to an unauthenticated users
In Shopware 6 before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. This vulnerability does not affect the shopware 5 release branch (shopware/shopware on packagist).
Пакеты
Наименование
shopware/core
composer
Затронутые версииВерсия исправления
>= 6.0.0, < 6.2.3
6.2.3
Наименование
shopware/platform
composer
Затронутые версииВерсия исправления
>= 6.0.0, < 6.2.3
6.2.3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 5 лет назад
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.