CVE-2020-13997

Insufficiently Protected Credentials in packagist/shopware/shopware

Identifiers

CVE-2020-13997

Package Slug

packagist/shopware/shopware

Vulnerability

Insufficiently Protected Credentials

Description

In Shopware, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.

Affected Versions

All versions before 6.2.3

Solution

Upgrade to version 6.2.3 or above.

Last Modified

2020-08-03

source