VulnerableCode Package Details - pkg:composer/shopware/core@6.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5393-j7pp-tqa2 Aliases: CVE-2021-37707 GHSA-9f8f-574q-8jmf	Improper Input Validation Shopware is an open source eCommerce platform. contain a vulnerability that allows manipulation of product reviews via API. contains a patch.	6.4.3+1 Affected by 0 other vulnerabilities.
VCID-s891-7fx6-k7e8 Aliases: CVE-2021-37711 GHSA-gcvv-gq92-x94r	Server-Side Request Forgery (SSRF) Shopware contains an authenticated server-side request forgery vulnerability in file upload via URL.	6.4.3+1 Affected by 0 other vulnerabilities.
VCID-wdc4-uy1a-ybec Aliases: CVE-2021-37708 GHSA-xh55-2fqp-p775	Command Injection Shopware is an open source eCommerce platform. contain a command injection vulnerability in mail agent settings.	6.4.3+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5393-j7pp-tqa2
Aliases:
CVE-2021-37707
GHSA-9f8f-574q-8jmf

Improper Input Validation Shopware is an open source eCommerce platform. contain a vulnerability that allows manipulation of product reviews via API. contains a patch.

6.4.3+1
Affected by 0 other vulnerabilities.

VCID-s891-7fx6-k7e8
Aliases:
CVE-2021-37711
GHSA-gcvv-gq92-x94r

Server-Side Request Forgery (SSRF) Shopware contains an authenticated server-side request forgery vulnerability in file upload via URL.

6.4.3+1
Affected by 0 other vulnerabilities.

VCID-wdc4-uy1a-ybec
Aliases:
CVE-2021-37708
GHSA-xh55-2fqp-p775

Command Injection Shopware is an open source eCommerce platform. contain a command injection vulnerability in mail agent settings.

6.4.3+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8n77-xfpc-sucm	Cross-Site Request Forgery (CSRF) Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 is vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.	CVE-2022-24879 GHSA-pf38-v6qj-j23h
VCID-cmgu-xukg-cfdz	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.	CVE-2022-24873 GHSA-4g29-fccr-p59w
VCID-mg54-375u-vfhr	Weak Password Recovery Mechanism for Forgotten Password Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.	CVE-2022-24892 GHSA-3qrq-r688-vvh4

Vulnerability

Summary

Aliases

VCID-8n77-xfpc-sucm

Cross-Site Request Forgery (CSRF) Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 is vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

CVE-2022-24879
GHSA-pf38-v6qj-j23h

VCID-cmgu-xukg-cfdz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

CVE-2022-24873
GHSA-4g29-fccr-p59w

VCID-mg54-375u-vfhr

Weak Password Recovery Mechanism for Forgotten Password Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.

CVE-2022-24892
GHSA-3qrq-r688-vvh4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:57:46.682857+00:00	GitLab Importer	Fixing	VCID-mg54-375u-vfhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2022-24892.yml	38.6.0
2026-05-30T20:57:46.380285+00:00	GitLab Importer	Fixing	VCID-8n77-xfpc-sucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2022-24879.yml	38.6.0
2026-05-30T20:57:46.281345+00:00	GitLab Importer	Fixing	VCID-cmgu-xukg-cfdz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2022-24873.yml	38.6.0
2026-05-30T20:55:29.629203+00:00	GitLab Importer	Affected by	VCID-s891-7fx6-k7e8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2021-37711.yml	38.6.0
2026-05-30T20:55:29.601434+00:00	GitLab Importer	Affected by	VCID-wdc4-uy1a-ybec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2021-37708.yml	38.6.0
2026-05-30T20:55:29.363553+00:00	GitLab Importer	Affected by	VCID-5393-j7pp-tqa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2021-37707.yml	38.6.0