Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023 | Patch Vendor Advisory |
https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5 | Vendor Advisory |
https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d | Patch |
https://www.shopware.com/en/changelog-sw5/#5-7-18 | Release Notes |
Configurations
History
06 Jul 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d - Patch | |
References | (MISC) https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023 - Patch, Vendor Advisory | |
References | (MISC) https://www.shopware.com/en/changelog-sw5/#5-7-18 - Release Notes | |
References | (MISC) https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5 - Vendor Advisory | |
First Time |
Shopware shopware
Shopware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:* |
27 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-27 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34099
Mitre link : CVE-2023-34099
CVE.ORG link : CVE-2023-34099
JSON object : View
Products Affected
shopware
- shopware
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions