CVE-2023-34098

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34098
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34098.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34098
Aliases
Published
2023-06-27T16:25:15Z
Modified
2025-11-04T20:11:47.293763Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Dependency configuration exposed in Shopware
Details

Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/shopware5/shopware

Affected ranges

Type
GIT
Repo
https://github.com/shopware5/shopware
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
95e77156a9c8e0f2c3b731d7e4835cb26921c36d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.7.18"
        }
    ]
}

Affected versions

1.*

1.0.2
1.0.8

4.*

4.0.1
4.0.2
4.0.3
4.0.6
4.0.6_RC2
4.0.7
4.0.8
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.0
4.2.0-rc.1
4.2.1
4.2.1.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6

v5.*

v5.0.0
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0-RC2
v5.0.0-RC3
v5.0.0-WORKSHOP
v5.0.1
v5.0.2
v5.0.2-RC1
v5.0.3
v5.0.3-RC1
v5.0.4
v5.0.4-RC1
v5.1.0
v5.1.0-RC2
v5.1.0-RC3
v5.1.1
v5.1.2
v5.1.2-RC1
v5.1.2-RC2
v5.1.3
v5.1.3-RC1
v5.1.4
v5.1.5
v5.1.6
v5.2.0
v5.2.0-BETA1
v5.2.0-RC1
v5.2.0-RC2
v5.2.0-RC3
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.26
v5.2.27
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.3.0
v5.3.0-RC1
v5.3.0-RC2
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.4.0
v5.4.0-RC1
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.5.0
v5.5.0-BETA1
v5.5.0-RC1
v5.5.1
v5.5.10
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v5.6.0
v5.6.0-RC1
v5.6.1
v5.6.10
v5.6.2
v5.6.3
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.0
v5.7.0-RC1
v5.7.0-RC2
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.16-RC1
v5.7.17
v5.7.17-RC1
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.8
v5.7.9