CVE-2021-32716

Опубликовано: 24 июн. 2021

Источник: nvd

CVSS3: 4.4

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Ссылки

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021
Vendor Advisory
https://github.com/shopware/platform/commit/b5c3ce3e93bd121324d72aa9d367cb636ff1c0eb
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-gpmh-g94g-qrhr
Third Party Advisory
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021
Vendor Advisory
https://github.com/shopware/platform/commit/b5c3ce3e93bd121324d72aa9d367cb636ff1c0eb
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-gpmh-g94g-qrhr
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

Версия от 6.1.0 (включая) до 6.4.1.1 (исключая)

EPSS

Процентиль: 54%

0.00308

Низкий

4.4 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

CWE-863

Связанные уязвимости

GHSA-68v9-3jjq-rvp4

CVSS3: 4.4

github

больше 4 лет назад

Exposure of Sensitive Information to an Unauthorized Actor

EPSS

Процентиль: 54%

0.00308

Низкий

4.4 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

CWE-863