CVE-2022-21651

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.

Published: Jan 5, 2022
Updated: May 9, 2024
CVE: CVE-2022-21651
GHSA: GHSA-c53v-qmrx-93hg
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
shopware / shopware	5.0.0	5.7.7
shopware / shopware	5.0.0	5.7.7

https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022
https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886
https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg

Vulnerability Database

290,273

CVE-2022-21651