CVE-2021-32712 Information

Description

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021 https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3