Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/shopware/storefront@6.4.8%2B1
purl pkg:composer/shopware/storefront@6.4.8%2B1
Tags Ghost
Next non-vulnerable version 6.4.8.2
Latest non-vulnerable version 6.4.8.2
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-zeav-rkta-4yck
Aliases:
CVE-2022-24745
GHSA-jp6h-mxhx-pgqh
Shopware guest session is shared between customers ### Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue ## Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 ## Workarounds ### Security Plugin For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. ### Disable HTTP Cache Disabling HTTP Cache is also a valid workaround
6.4.8.2
Affected by 0 other vulnerabilities.
6.4.8+2
Affected by 0 other vulnerabilities.
VCID-zmey-wuyj-y3a1
Aliases:
CVE-2022-24747
GHSA-6wrh-279j-6hvw
HTTP caching is marking private HTTP headers as public in Shopware ### Impact HTTP caching is marking private HTTP headers as public ## Patches Fixed in recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 ## Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
6.4.8.2
Affected by 0 other vulnerabilities.
6.4.8+2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-29T17:31:52.677755+00:00 GitLab Importer Affected by VCID-zeav-rkta-4yck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/storefront/CVE-2022-24745.yml 38.6.0
2026-05-29T17:31:52.626623+00:00 GitLab Importer Fixing VCID-upgj-h5xt-abcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/storefront/CVE-2022-24746.yml 38.6.0
2026-05-29T17:31:52.458203+00:00 GitLab Importer Affected by VCID-zmey-wuyj-y3a1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/storefront/CVE-2022-24747.yml 38.6.0
2026-05-29T14:25:46.836408+00:00 GHSA Importer Affected by VCID-zmey-wuyj-y3a1 https://github.com/advisories/GHSA-6wrh-279j-6hvw 38.6.0
2026-05-29T14:25:46.698200+00:00 GHSA Importer Fixing VCID-upgj-h5xt-abcb https://github.com/advisories/GHSA-952p-fqcp-g8pc 38.6.0
2026-05-29T14:25:46.581989+00:00 GHSA Importer Affected by VCID-zeav-rkta-4yck https://github.com/advisories/GHSA-jp6h-mxhx-pgqh 38.6.0
2026-05-29T09:29:53.614377+00:00 GithubOSV Importer Fixing VCID-upgj-h5xt-abcb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-952p-fqcp-g8pc/GHSA-952p-fqcp-g8pc.json 38.6.0