Vulnerability in Shopware

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 40…

EPSS: 0.001 (30.0th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

  • Shopware — versions >= 6.5.8.0, < 6.5.8.7

Frequently asked questions

What is CVE-2024-27917?
CVE-2024-27917 is a high-severity vulnerability in Shopware, classified under Use of Cache Containing Sensitive Information. CVSS score: 7.5/10. Published 2024-03-06.

How severe is CVE-2024-27917?
High severity. The CVSS v3 base score is 7.5 out of 10.