Moderate severity · NVD Advisory · Published Jun 27, 2023 · Updated Nov 7, 2024
Dependency configuration exposed in Shopware
CVE-2023-34098
Description
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the JavaScript dependency configuration file (themes/package-lock.json) could be read in production environments. With this information, an attacker might determine the specific Shopware version in a deployment, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.
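An added example, not part of the advisory or Shopware's own code: a post-update check for a shop you operate, which tests whether an installed version falls in the affected range and whether themes/package-lock.json is still served. The function names and the `lockfileVersion` test used to recognise an npm lockfile are assumptions of this example.

```python
import json
import urllib.error
import urllib.request

EXPOSED_PATH = "/themes/package-lock.json"     # path named in the advisory
AFFECTED_MIN, PATCHED = (5, 6, 0), (5, 7, 18)  # range from the advisory table


def is_affected(version: str) -> bool:
    """True if a Shopware 5 version string falls in >= 5.6.0, < 5.7.18."""
    parts = tuple(int(p) for p in version.split("-")[0].split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return AFFECTED_MIN <= parts < PATCHED


def classify(status: int, body: bytes) -> str:
    """Classify a response for EXPOSED_PATH.

    A 200 alone is not proof: many shops answer unknown paths with an HTML
    page and status 200, so the body must also parse as an npm lockfile
    (assumption: a JSON object carrying a "lockfileVersion" key).
    """
    if status != 200:
        return "blocked"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-a-lockfile"
    if isinstance(doc, dict) and "lockfileVersion" in doc:
        return "exposed"
    return "not-a-lockfile"


def check_shop(base_url: str) -> str:
    """Fetch EXPOSED_PATH from a shop you operate and classify the answer."""
    url = base_url.rstrip("/") + EXPOSED_PATH
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real shop.
    lockfile = b'{"name": "theme", "lockfileVersion": 1, "dependencies": {}}'
    print(is_affected("5.7.17"), classify(200, lockfile))        # before update
    print(is_affected("5.7.18"), classify(403, b""))             # after update
    print(classify(200, b"<html><body>Not found</body></html>")) # soft 404
```

A result of `exposed` on a deployment already at 5.7.18 suggests the updated .htaccess is not in effect for that web server configuration.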
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| shopware/shopware (Packagist) | >= 5.6.0, < 5.7.18 | 5.7.18 |
References
- github.com/advisories/GHSA-q97c-2mh3-pgw9
- nvd.nist.gov/vuln/detail/CVE-2023-34098
- docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
- github.com/shopware/shopware/security/advisories/GHSA-q97c-2mh3-pgw9
- github.com/shopware5/shopware/commit/b3518c8d9562a38615d638f31f79829f6e2f4b6a
- github.com/shopware5/shopware/security/advisories/GHSA-q97c-2mh3-pgw9
- www.shopware.com/en/changelog-sw5/