VulnerableCode Package Details - pkg:composer/shopware/shopware@5.7.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-bgek-xyh7-ffbu Aliases: CVE-2023-34099 GHSA-gh66-fp7j-98v5	Improper Check for Unusual or Exceptional Conditions Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.	5.7.18 Affected by 0 other vulnerabilities.
VCID-hxmy-gvzy-ufcg Aliases: CVE-2022-36102 GHSA-qc43-pgwq-3q2q		5.7.15 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mekd-thy7-63cz Aliases: CVE-2022-36101 GHSA-6vfq-jmxg-g58r		5.7.15 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-trhv-dwjm-zfav Aliases: CVE-2023-34098 GHSA-q97c-2mh3-pgw9	Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.	5.7.18 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bgek-xyh7-ffbu
Aliases:
CVE-2023-34099
GHSA-gh66-fp7j-98v5

Improper Check for Unusual or Exceptional Conditions Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

5.7.18
Affected by 0 other vulnerabilities.

VCID-hxmy-gvzy-ufcg
Aliases:
CVE-2022-36102
GHSA-qc43-pgwq-3q2q

5.7.15
Affected by 2 other vulnerabilities.

VCID-mekd-thy7-63cz
Aliases:
CVE-2022-36101
GHSA-6vfq-jmxg-g58r

5.7.15
Affected by 2 other vulnerabilities.

VCID-trhv-dwjm-zfav
Aliases:
CVE-2023-34098
GHSA-q97c-2mh3-pgw9

Exposure of Sensitive Information to an Unauthorized Actor Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.

5.7.18
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T07:30:56.569412+00:00	GitLab Importer	Affected by	VCID-bgek-xyh7-ffbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2023-34099.yml	38.6.0
2026-06-01T07:30:51.813654+00:00	GitLab Importer	Affected by	VCID-trhv-dwjm-zfav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2023-34098.yml	38.6.0
2026-06-01T07:02:25.109660+00:00	GitLab Importer	Affected by	VCID-mekd-thy7-63cz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2022-36101.yml	38.6.0
2026-06-01T07:02:24.428043+00:00	GitLab Importer	Affected by	VCID-hxmy-gvzy-ufcg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2022-36102.yml	38.6.0