CVE-2021-32712
MEDIUMShopware < 5.6.10 - Sensitive Information Exposure via Error Message
Title source: llmDescription
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021
Third Party Advisory x_refsource_confirm
https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p
Patch, Third Party Advisory x_refsource_misc
https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d
Scores
CVSS v3
5.3
EPSS
0.0114
EPSS Percentile
62.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-209
CWE-200
Status
published
Products (2)
shopware/shopware
0 - 5.6.10Packagist
shopware/shopware
5.0.0 - 5.6.10
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026