{"url":"http://public2.vulnerablecode.io/api/packages/420690?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B0","type":"composer","namespace":"shopware","name":"core","version":"6.4.3+0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.2.3","latest_non_vulnerable_version":"6.2.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13932?format=json","vulnerability_id":"VCID-2e24-h4wg-6fgy","summary":"Cross-site Scripting\nShopware is an open source eCommerce platform. contain a Cross-Site Scripting vulnerability via SVG media files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37710","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55338","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37710"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37710","reference_id":"CVE-2021-37710","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37710"},{"reference_url":"https://github.com/advisories/GHSA-fc38-mxwr-pfhx","reference_id":"GHSA-fc38-mxwr-pfhx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fc38-mxwr-pfhx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57697?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"}],"aliases":["CVE-2021-37710","GHSA-fc38-mxwr-pfhx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e24-h4wg-6fgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13933?format=json","vulnerability_id":"VCID-39y7-ay38-m7dz","summary":"Inclusion of Sensitive Information in Log Files\nShopware is an open source eCommerce platform. contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37709","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44392","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37709"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37709","reference_id":"CVE-2021-37709","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37709"},{"reference_url":"https://github.com/advisories/GHSA-54gp-qff8-946c","reference_id":"GHSA-54gp-qff8-946c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54gp-qff8-946c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57697?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"}],"aliases":["CVE-2021-37709","GHSA-54gp-qff8-946c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39y7-ay38-m7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13929?format=json","vulnerability_id":"VCID-5393-j7pp-tqa2","summary":"Improper Input Validation\nShopware is an open source eCommerce platform. contain a vulnerability that allows manipulation of product reviews via API. contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37707","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44007","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37707"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37707","reference_id":"CVE-2021-37707","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37707"},{"reference_url":"https://github.com/advisories/GHSA-9f8f-574q-8jmf","reference_id":"GHSA-9f8f-574q-8jmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f8f-574q-8jmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57697?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"}],"aliases":["CVE-2021-37707","GHSA-9f8f-574q-8jmf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5393-j7pp-tqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13934?format=json","vulnerability_id":"VCID-s891-7fx6-k7e8","summary":"Server-Side Request Forgery (SSRF)\nShopware contains an authenticated server-side request forgery vulnerability in file upload via URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37711","reference_id":"","reference_type":"","scores":[{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.67077","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37711"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37711","reference_id":"CVE-2021-37711","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37711"},{"reference_url":"https://github.com/advisories/GHSA-gcvv-gq92-x94r","reference_id":"GHSA-gcvv-gq92-x94r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcvv-gq92-x94r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57697?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"}],"aliases":["CVE-2021-37711","GHSA-gcvv-gq92-x94r"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s891-7fx6-k7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13931?format=json","vulnerability_id":"VCID-wdc4-uy1a-ybec","summary":"Command Injection\nShopware is an open source eCommerce platform. contain a command injection vulnerability in mail agent settings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37708","reference_id":"","reference_type":"","scores":[{"value":"0.07808","scoring_system":"epss","scoring_elements":"0.92101","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37708"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37708","reference_id":"CVE-2021-37708","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37708"},{"reference_url":"https://github.com/advisories/GHSA-xh55-2fqp-p775","reference_id":"GHSA-xh55-2fqp-p775","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh55-2fqp-p775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57697?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"}],"aliases":["CVE-2021-37708","GHSA-xh55-2fqp-p775"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdc4-uy1a-ybec"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B0"}