4 matches found
CVE-2023-34098
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the JavaScript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be...
GHSA-J4G3-3Q8X-JXQP dbt-core's secret env vars written to package-lock.json in plaintext
Impact: When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches: The bug has been fixed in dbt-core v1.7.3. Mitigations: Remove any git URLs with plaintext secrets...
PT-2023-33033 · Dbt-Core · Dbt-Core
Name of the Vulnerable Software and Affected Versions: dbt-core versions prior to 1.7.3. Description: The issue arises when dbt-core is used to pull source code from a private repository using a Personal Access Token (PAT). In this scenario, some versions of dbt-core write a URL with the PAT in...
PT-2023-24670 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.18. Description: The issue arises from an incorrect configuration in the .htaccess file, allowing the configuration file of JavaScript dependencies to be read in production environments, specifically the...