Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2023-34098
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.
| Software | From | Fixed in |
|---|---|---|
shopware / shopware
|
5.6.0 | 5.7.18 |
| shopware / shopware | 5.6.0 | 5.7.18 |
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
- https://github.com/shopware/shopware/security/advisories/GHSA-q97c-2mh3-pgw9
- https://github.com/shopware5/shopware/commit/b3518c8d9562a38615d638f31f79829f6e2f4b6a
- https://github.com/shopware5/shopware/security/advisories/GHSA-q97c-2mh3-pgw9
- https://www.shopware.com/en/changelog-sw5/#5-7-18
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime