VulnerableCode Package Details - pkg:composer/shopware/platform@6.4.8%2B2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-guds-2g3f-kqdu	Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.	CVE-2022-24747 GHSA-6wrh-279j-6hvw
VCID-p9kc-jb4m-r3b5	Session Fixation Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.	CVE-2022-24745 GHSA-jp6h-mxhx-pgqh

Vulnerability

Summary

Aliases

VCID-guds-2g3f-kqdu

Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.

CVE-2022-24747
GHSA-6wrh-279j-6hvw

VCID-p9kc-jb4m-r3b5

Session Fixation Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.

CVE-2022-24745
GHSA-jp6h-mxhx-pgqh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:52:25.846049+00:00	GithubOSV Importer	Fixing	VCID-p9kc-jb4m-r3b5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jp6h-mxhx-pgqh/GHSA-jp6h-mxhx-pgqh.json	38.6.0
2026-06-04T17:51:59.229111+00:00	GithubOSV Importer	Fixing	VCID-guds-2g3f-kqdu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-6wrh-279j-6hvw/GHSA-6wrh-279j-6hvw.json	38.6.0
2026-06-02T04:41:45.074722+00:00	GitLab Importer	Fixing	VCID-guds-2g3f-kqdu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/platform/CVE-2022-24747.yml	38.6.0
2026-06-02T04:41:44.923550+00:00	GitLab Importer	Fixing	VCID-p9kc-jb4m-r3b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/platform/CVE-2022-24745.yml	38.6.0