Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-t4s7-r659-pyba
Vulnerability ID VCID-t4s7-r659-pyba
Aliases CVE-2023-34098
GHSA-q97c-2mh3-pgw9
Summary Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
https://github.com/shopware5/shopware/commit/b3518c8d9562a38615d638f31f79829f6e2f4b6a
https://www.shopware.com/en/changelog-sw5/#5-7-18
CVE-2023-34098 https://nvd.nist.gov/vuln/detail/CVE-2023-34098
GHSA-q97c-2mh3-pgw9 https://github.com/shopware/shopware/security/advisories/GHSA-q97c-2mh3-pgw9
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:45:12.404199+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2023-34098.yml 38.6.0