CVE-2021-32717: Information Exposure

June 24, 2021 (updated October 25, 2022)

Private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation.

References

docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021
nvd.nist.gov/vuln/detail/CVE-2021-32717

Code Behaviors & Features

Detect and mitigate CVE-2021-32717 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →