CVE-2025-30151
HIGH7.5EPSS 0.80%Shopware allows Denial Of Service via password length
發布日:2025/4/8修改日:2025/4/8
描述
### Impact It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. ### Patches Update to Shopware 6.6.10.3 or 6.5.8.17 ### Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
受影響套件(2)
- Packagist/shopware/core>= 6.6.0.0, < 6.6.10.3
- Packagist/shopware/platform>= 6.6.0.0, < 6.6.10.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30151
- PATCHhttps://github.com/shopware/shopware
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.5.8.17
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.6.10.3
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
- WEBhttps://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2