Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-r87r-982q-2c3q

GitHub Security Advisory

Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
Unauthorized users are able to obtain sensitive information about the system's runtime environment, features they have no permissions to access, etc.

### Patches
Update to version 10.6.4 or apply this patch manually https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch

### Workarounds
Apply patch https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch manually.

### References
https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c/

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.6.4)

Related CVEs

CVE-2023-3819

Key Information

GHSA ID
GHSA-r87r-982q-2c3q
Published
July 21, 2023 8:18 PM
Last Modified
July 21, 2023 8:18 PM
CVSS Score
7.5 /10
Primary Ecosystem
Packagist
Primary Package
pimcore/pimcore
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.