{"url":"http://public2.vulnerablecode.io/api/packages/388893?format=json","purl":"pkg:composer/shopware/shopware@4.3.0","type":"composer","namespace":"shopware","name":"shopware","version":"4.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.7.15","latest_non_vulnerable_version":"6.7.2+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322367?format=json","vulnerability_id":"VCID-5d5t-4nh9-gffx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61404","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13970","GHSA-5vmg-x99g-396q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d5t-4nh9-gffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208939?format=json","vulnerability_id":"VCID-9f58-1dw2-uka2","summary":"Improper Access Control in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40586","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872","reference_id":"CVE-2022-24872","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872"},{"reference_url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc"}],"fixed_packages":[],"aliases":["CVE-2022-24872","GHSA-9wrv-g75h-8ccc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f58-1dw2-uka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340014?format=json","vulnerability_id":"VCID-9kzj-dbw3-p3ff","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710"},{"reference_url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32710","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32710"},{"reference_url":"https://packagist.org/packages/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/shopware/platform"},{"reference_url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"GHSA-h9q8-5gv2-v6mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg"}],"fixed_packages":[],"aliases":["CVE-2021-32710","GHSA-h9q8-5gv2-v6mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kzj-dbw3-p3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210596?format=json","vulnerability_id":"VCID-cvg6-jqs9-63c9","summary":"Shopware Cross-site Scripting Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935","reference_id":"","reference_type":"","scores":[{"value":"0.0358","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jun/32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jun/32"},{"reference_url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware"},{"reference_url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/","reference_id":"","reference_type":"","scores":[],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/"},{"reference_url":"https://www.shopware.com/en/changelog/#5-5-8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#5-5-8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935","reference_id":"CVE-2019-12935","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935"},{"reference_url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379","reference_id":"GHSA-8qxh-hcr9-2379","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23825?format=json","purl":"pkg:composer/shopware/shopware@5.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.5.8"}],"aliases":["CVE-2019-12935","GHSA-8qxh-hcr9-2379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvg6-jqs9-63c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361160?format=json","vulnerability_id":"VCID-dadg-wnjd-gqaq","summary":"Exposure of .env if project root is configured as web root in shopware/production\n### Impact\n\nThe .env and other sensitive files can be leaked if the project root and not `/public` is configured as the web root.\n\n### Patches\nWe recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\n\nYou should always use `/public` as the web root.\n\nFor older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-3pcr-4982-548m","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-3pcr-4982-548m"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3pcr-4982-548m","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3pcr-4982-548m"},{"reference_url":"https://github.com/advisories/GHSA-3pcr-4982-548m","reference_id":"GHSA-3pcr-4982-548m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3pcr-4982-548m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382460?format=json","purl":"pkg:composer/shopware/shopware@6.3.5%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.3.5%252B3"}],"aliases":["GHSA-3pcr-4982-548m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dadg-wnjd-gqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/291433?format=json","vulnerability_id":"VCID-dhvd-4xqg-hkaq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15374","reference_id":"","reference_type":"","scores":[{"value":"0.03459","scoring_system":"epss","scoring_elements":"0.87799","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15374"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15374","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15374"},{"reference_url":"https://www.exploit-db.com/exploits/43849","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43849"},{"reference_url":"https://www.vulnerability-lab.com/get_content.php?id=1922","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulnerability-lab.com/get_content.php?id=1922"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt","reference_id":"CVE-2017-15374","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386364?format=json","purl":"pkg:composer/shopware/shopware@5.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4"}],"aliases":["CVE-2017-15374","GHSA-mvrx-cmqw-2jgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhvd-4xqg-hkaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284829?format=json","vulnerability_id":"VCID-fkhy-6p8g-pfa2","summary":"","references":[{"reference_url":"http://community.shopware.com/_detail_1918.html","reference_id":"","reference_type":"","scores":[],"url":"http://community.shopware.com/_detail_1918.html"},{"reference_url":"http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3109","reference_id":"","reference_type":"","scores":[{"value":"0.28575","scoring_system":"epss","scoring_elements":"0.9664","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3109"},{"reference_url":"https://community.shopware.com/_detail_1918.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.shopware.com/_detail_1918.html"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/CVE-2016-3109.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/CVE-2016-3109.yaml"},{"reference_url":"https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3109","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3109"},{"reference_url":"https://web.archive.org/web/20200814090044/http://www.securityfocus.com/archive/1/538173/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200814090044/http://www.securityfocus.com/archive/1/538173/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210125193827/http://www.securityfocus.com/bid/97979","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125193827/http://www.securityfocus.com/bid/97979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384763?format=json","purl":"pkg:composer/shopware/shopware@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@4.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/384764?format=json","purl":"pkg:composer/shopware/shopware@5.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-81v4-fbjh-yfe5"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nv8d-n6fg-j7cc"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-y6r6-jye4-6fcw"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.1.5"}],"aliases":["CVE-2016-3109","GHSA-cj2f-96jq-phpp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkhy-6p8g-pfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292817?format=json","vulnerability_id":"VCID-g9gt-r2rt-q3fe","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18357","reference_id":"","reference_type":"","scores":[{"value":"0.57295","scoring_system":"epss","scoring_elements":"0.98191","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18357"},{"reference_url":"https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"},{"reference_url":"https://demo.ripstech.com/projects/shopware_5.3.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://demo.ripstech.com/projects/shopware_5.3.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18357","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18357"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb","reference_id":"CVE-2017-18357","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb","reference_id":"CVE-2017-18357","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386364?format=json","purl":"pkg:composer/shopware/shopware@5.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4"}],"aliases":["CVE-2017-18357","GHSA-6m27-7cqj-2mxw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9gt-r2rt-q3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322368?format=json","vulnerability_id":"VCID-h65n-32h9-dfcd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54332","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13971","GHSA-fxf3-wx3c-76pf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h65n-32h9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208936?format=json","vulnerability_id":"VCID-jx2r-jrwf-h3bm","summary":"Server-Side Request Forgery (SSRF) in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57721","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871","reference_id":"CVE-2022-24871","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871"},{"reference_url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392407?format=json","purl":"pkg:composer/shopware/shopware@6.4.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.4.10%252B1"}],"aliases":["CVE-2022-24871","GHSA-7gm7-8q8v-9gf2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2r-jrwf-h3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173532?format=json","vulnerability_id":"VCID-nfjj-zv57-yyd8","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36618","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates"},{"reference_url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744","reference_id":"CVE-2022-24744","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744"},{"reference_url":"https://github.com/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w267-m9c4-8555"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:14Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555"}],"fixed_packages":[],"aliases":["CVE-2022-24744","GHSA-w267-m9c4-8555"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjj-zv57-yyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310690?format=json","vulnerability_id":"VCID-q82r-1g64-zbcr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799","reference_id":"","reference_type":"","scores":[{"value":"0.24236","scoring_system":"epss","scoring_elements":"0.9621","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799"},{"reference_url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw"},{"reference_url":"https://github.com/rapid7/metasploit-framework/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rapid7/metasploit-framework/pull/11828"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799"},{"reference_url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391246?format=json","purl":"pkg:composer/shopware/shopware@5.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.1"}],"aliases":["CVE-2019-12799","GHSA-rf8f-hqjv-986p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q82r-1g64-zbcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362038?format=json","vulnerability_id":"VCID-rnc1-jrmp-zyb3","summary":"Remote Code Execution Vulnerability\nUnder certain circumstances, it’s possible to execute an authorized foreign code in Shopware.","references":[{"reference_url":"http://en.community.shopware.com/_detail_2015.html","reference_id":"","reference_type":"","scores":[],"url":"http://en.community.shopware.com/_detail_2015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31567?format=json","purl":"pkg:composer/shopware/shopware@5.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-ezyq-68sc-5bd9"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.25"}],"aliases":["GMS-2017-135"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnc1-jrmp-zyb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361996?format=json","vulnerability_id":"VCID-sn3t-q8gg-kyhb","summary":"Remote Code Execution Vulnerability\nUnder certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware.","references":[{"reference_url":"http://en.community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"http://en.community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31565?format=json","purl":"pkg:composer/shopware/shopware@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-ezyq-68sc-5bd9"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-y6r6-jye4-6fcw"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.16"}],"aliases":["GMS-2017-106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sn3t-q8gg-kyhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/343822?format=json","vulnerability_id":"VCID-uwd4-xtvn-vbc2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v5.7.6","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v5.7.6"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188"},{"reference_url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382190?format=json","purl":"pkg:composer/shopware/shopware@5.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-854m-qku5-3kh4"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.6"}],"aliases":["CVE-2021-41188","GHSA-4p3x-8qw9-24w9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwd4-xtvn-vbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322380?format=json","vulnerability_id":"VCID-w9df-hedh-yken","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.75159","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13997","GHSA-r4ph-mx67-x58p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9df-hedh-yken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/304581?format=json","vulnerability_id":"VCID-z33f-tegn-n3g7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20713","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70526","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20713"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018"},{"reference_url":"https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20713","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385563?format=json","purl":"pkg:composer/shopware/shopware@5.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.4.3"}],"aliases":["CVE-2018-20713","GHSA-42gv-77f4-r3j9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z33f-tegn-n3g7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361995?format=json","vulnerability_id":"VCID-81v4-fbjh-yfe5","summary":"Code Injection\nRemote Code Execution Vulnerability in shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388893?format=json","purl":"pkg:composer/shopware/shopware@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-fkhy-6p8g-pfa2"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@4.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/31563?format=json","purl":"pkg:composer/shopware/shopware@5.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fxg-teew-83cd"},{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-ezyq-68sc-5bd9"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nv8d-n6fg-j7cc"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-y6r6-jye4-6fcw"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.15"}],"aliases":["GMS-2017-341"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81v4-fbjh-yfe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361997?format=json","vulnerability_id":"VCID-nv8d-n6fg-j7cc","summary":"Code Injection\nRemote Code Execution Vulnerability in shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388893?format=json","purl":"pkg:composer/shopware/shopware@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-fkhy-6p8g-pfa2"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@4.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/31565?format=json","purl":"pkg:composer/shopware/shopware@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-ezyq-68sc-5bd9"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-y6r6-jye4-6fcw"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.16"}],"aliases":["GMS-2017-342"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv8d-n6fg-j7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362041?format=json","vulnerability_id":"VCID-y6r6-jye4-6fcw","summary":"Code Injection\nRemote Code Execution Vulnerability in shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_2015.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_2015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388893?format=json","purl":"pkg:composer/shopware/shopware@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-fkhy-6p8g-pfa2"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-rnc1-jrmp-zyb3"},{"vulnerability":"VCID-sn3t-q8gg-kyhb"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@4.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/31567?format=json","purl":"pkg:composer/shopware/shopware@5.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-cvg6-jqs9-63c9"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-dhvd-4xqg-hkaq"},{"vulnerability":"VCID-ezyq-68sc-5bd9"},{"vulnerability":"VCID-g9gt-r2rt-q3fe"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"},{"vulnerability":"VCID-x83t-eu6f-gfh3"},{"vulnerability":"VCID-z33f-tegn-n3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.25"}],"aliases":["GMS-2017-343"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6r6-jye4-6fcw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@4.3.0"}