Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dependency configuration exposed in Shopware
Vulnerability Description
Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Shopware 信息泄露漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 5.7.18之前版本存在信息泄露漏洞,该漏洞源于htaccess文件中的配置不正确,在生产环境中可以读取Javascript的配置文件(themes/package-lock.json)。
CVSS Information
N/A
Vulnerability Type
N/A