Vulnerability Description
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopware | Shopware | >= 5.0.0, < 5.7.7 |
Related Weaknesses (CWE)
References
- https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-20 (Patch, Vendor Advisory)
- https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c3 (Patch, Third Party Advisory)
- https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg (Patch, Third Party Advisory)
FAQ
What is CVE-2022-21651?
CVE-2022-21651 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. Th...
How severe is CVE-2022-21651?
CVE-2022-21651 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-21651?
Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.