Moderate severity · NVD Advisory · Published Jun 27, 2023 · Updated Nov 7, 2024

Dependency configuration exposed in Shopware

CVE-2023-34098

Description

Shopware is open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the JavaScript dependency configuration file (themes/package-lock.json) could be read in production environments. With this information, an attacker might determine the specific Shopware version in a deployment, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.
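To check whether the file was actually served from a deployment, the following added example (not part of the advisory or of Shopware) scans web server access logs for successful responses to themes/package-lock.json. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

EXPOSED_PATH = "/themes/package-lock.json"  # path named in the advisory

# Assumed: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Jun/2023:10:15:02 +0000] "GET /themes/package-lock.json HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '198.51.100.4 - - [28/Jun/2023:10:16:40 +0000] "GET /themes/package-lock.json HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Jun/2023:10:17:11 +0000] "GET /shop//themes/package-lock.json?x=1 HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '192.0.2.9 - - [28/Jun/2023:10:18:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def find_lockfile_reads(lines):
    """Return requests where the lock file was served (2xx or 304)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # Drop the query string, decode %-escapes, collapse duplicate slashes.
        path = unquote(m["target"].split("?", 1)[0])
        path = re.sub(r"/{2,}", "/", path)
        # endswith() also covers shops installed in a subdirectory.
        if not path.endswith(EXPOSED_PATH):
            continue
        status = int(m["status"])
        if 200 <= status < 300 or status == 304:
            hits.append({"ip": m["ip"], "time": m["ts"], "status": status})
    return hits

def summarize(hits):
    """Count successful lock file reads per client address."""
    return Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    for ip, n in summarize(find_lockfile_reads(SAMPLE_LOG)).items():
        print(f"{ip}: {n} successful read(s) of {EXPOSED_PATH}")
```

Any hit means the file was readable at that time; a 403 or 404 for the same path indicates the request was blocked.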

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| shopware/shopware (Packagist) | >= 5.6.0, < 5.7.18 | 5.7.18 |
