Search for vulnerabilities
| Vulnerability ID | VCID-5tjh-39gd-g3ar |
| Aliases |
GHSA-27c9-vp3w-6ww8
|
| Summary | Shopware exposes sensitive user information via CSV export mapping Sensitive information disclosure occurs when an application inadvertently displays sensitive information to its users. Depending on the context, websites can leak all kinds of information including: • Data regarding other users, such as usernames and/or e-mail addresses • Sensitive commercial data such as customer names • Technical details about the website and/or the underlying infrastructure Disclosing technical details, such as detailed version information, allows malicious actors to look for targeted vulnerabilities and/or misconfigurations in the application or in the underlying infrastructure. In addition, an application is more likely to be targeted by attacks that specifically target a particular version of the software used. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-27c9-vp3w-6ww8 |
| cvssv3.1_qr | MODERATE | https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/shopware/shopware | ||
| https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083 | ||
| GHSA-27c9-vp3w-6ww8 | https://github.com/advisories/GHSA-27c9-vp3w-6ww8 | |
| GHSA-27c9-vp3w-6ww8 | https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:04:29.689083+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/GHSA-27c9-vp3w-6ww8.yml | 38.6.0 |