CVE-2021-32717

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32717

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32717.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32717

Aliases

GHSA-6gr8-c3m5-mvrg

Related

GHSA-vrf2-xghr-j52v

Published

2021-06-24T21:15:08.097Z

Modified

2026-03-13T22:14:15.169397Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as type. When the Storage is saved on Amazon AWS we recommending disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command ./bin/console s3:set-visibility to correct your cloud file visibilities.

References

Affected packages

Git / github.com/shopware/shopware

Affected ranges

Type

GIT

Repo

https://github.com/shopware/shopware

Events

Introduced

01c209a305adaabaf894e6929290c69c4a07adef

Fixed

5940dfe864da0bcf694534f560820d4a5df2f8b9

Fixed

ba52f683372b8417a00e9014f481ed3d539f34b3

Database specific

{
    "versions": [
        {
            "introduced": "6.1.0"
        },
        {
            "fixed": "6.4.1.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32717.json"