CVE-2023-34099

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

History

06 Jul 2023, 15:58

Type Values Removed Values Added
References (MISC) https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d - (MISC) https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d - Patch
References (MISC) https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023 - (MISC) https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023 - Patch, Vendor Advisory
References (MISC) https://www.shopware.com/en/changelog-sw5/#5-7-18 - (MISC) https://www.shopware.com/en/changelog-sw5/#5-7-18 - Release Notes
References (MISC) https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5 - (MISC) https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5 - Vendor Advisory
First Time Shopware shopware
Shopware
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

27 Jun 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-27 17:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-34099

Mitre link : CVE-2023-34099

CVE.ORG link : CVE-2023-34099


JSON object : View

Products Affected

shopware

  • shopware
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions