CVE-2025-30151
Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
shopware · shopware¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →