logo

Database

Technical information leak In shopware/shopware

Description

Shopware database password is leaked to an unauthenticated users In Shopware 6 before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. This vulnerability does not affect the shopware 5 release branch (shopware/shopware on packagist).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-139972. NVD-2020-139973. OSV-2020-139974. GCVE-2020-13997

References

1. https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-20202. https://www.shopware.com/en/changelog/#6-2-3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.