Vulnerability Details : CVE-2021-32712
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
Vulnerability category: Information leak
Products affected by CVE-2021-32712
- cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32712
- 0.09%: Probability of exploitation activity in the next 30 days
- ~35%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32712
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2021-32712
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: security-advisories@github.com (Secondary)
- The product generates an error message that includes sensitive information about its environment, users, or associated data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-32712
- https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d
  SW-26001 - Adjust error controller · shopware/shopware@dcb24eb · GitHub (Patch; Third Party Advisory)
- https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p
  Information leakage in Error Handler · Advisory · shopware/shopware · GitHub (Third Party Advisory)
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021
  Shopware 5 - Security Updates - Security Update 05/2021 (Vendor Advisory)