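Vulnerability Title
HTTP caching is marking private HTTP headers as public.
Vulnerability Description
HTTP caching marks private HTTP headers as public
CVSS Information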
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
HTTP caching is marking private HTTP headers as public
Vulnerability Description
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client, then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
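Vulnerability Category
Information Exposure
Vulnerability Title
Shopware Information Disclosure Vulnerability
Vulnerability Description
Shopware is an open-source e-commerce software suite from the German company Shopware. Shopware has an information disclosure vulnerability that stems from sensitive HTTP headers not being correctly set as non-cacheable. If an HTTP cache exists between the server and the client, the headers may be exposed through the HTTP cache.
CVSS Information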
N/A
Vulnerability Category
Information Disclosure