Search for packages
| purl | pkg:composer/shopware/shopware@5.6.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h6qp-71jr-3fef
Aliases: CVE-2019-12799 |
Deserialization of Untrusted Data In `createInstanceFromNamedArguments` in Shopware, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. |
Affected by 0 other vulnerabilities. |
|
VCID-t4s7-r659-pyba
Aliases: CVE-2023-34098 GHSA-q97c-2mh3-pgw9 |
Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:45:12.421869+00:00 | GitLab Importer | Affected by | VCID-t4s7-r659-pyba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2023-34098.yml | 38.6.0 |
| 2026-06-02T04:39:21.787804+00:00 | GitLab Importer | Affected by | VCID-h6qp-71jr-3fef | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2019-12799.yml | 38.6.0 |