Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP caching is marking private HTTP headers as public
Vulnerability Description
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Shopware 信息泄露漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 存在信息泄露漏洞,该漏洞源于没有将敏感的 HTTP 标头正确设置为不可缓存。如果服务器和客户端之间存在 HTTP 缓存,则标头可能会通过 HTTP 缓存公开。
CVSS Information
N/A
Vulnerability Type
N/A