{"url":"http://public2.vulnerablecode.io/api/packages/443861?format=json","purl":"pkg:composer/shopware/shopware@5.5.0","type":"composer","namespace":"shopware","name":"shopware","version":"5.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.7.18","latest_non_vulnerable_version":"6.7.2+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173406?format=json","vulnerability_id":"VCID-3q9w-4gh6-nkds","summary":"Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24879","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33203","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24879"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"#5-7-9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24879","reference_id":"CVE-2022-24879","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24879"},{"reference_url":"https://github.com/advisories/GHSA-pf38-v6qj-j23h","reference_id":"GHSA-pf38-v6qj-j23h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf38-v6qj-j23h"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h","reference_id":"GHSA-pf38-v6qj-j23h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"security-update-04-2022","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20346?format=json","purl":"pkg:composer/shopware/shopware@5.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9"}],"aliases":["CVE-2022-24879","GHSA-pf38-v6qj-j23h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q9w-4gh6-nkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322367?format=json","vulnerability_id":"VCID-5d5t-4nh9-gffx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61404","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13970","GHSA-5vmg-x99g-396q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d5t-4nh9-gffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208939?format=json","vulnerability_id":"VCID-9f58-1dw2-uka2","summary":"Improper Access Control in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40586","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872","reference_id":"CVE-2022-24872","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872"},{"reference_url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc"}],"fixed_packages":[],"aliases":["CVE-2022-24872","GHSA-9wrv-g75h-8ccc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f58-1dw2-uka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340014?format=json","vulnerability_id":"VCID-9kzj-dbw3-p3ff","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710"},{"reference_url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32710","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32710"},{"reference_url":"https://packagist.org/packages/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/shopware/platform"},{"reference_url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"GHSA-h9q8-5gv2-v6mg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg"}],"fixed_packages":[],"aliases":["CVE-2021-32710","GHSA-h9q8-5gv2-v6mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kzj-dbw3-p3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173537?format=json","vulnerability_id":"VCID-bb2g-d5ny-5yhh","summary":"Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24873","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60995","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24873"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"#5-7-9","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24873","reference_id":"CVE-2022-24873","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24873"},{"reference_url":"https://github.com/advisories/GHSA-4g29-fccr-p59w","reference_id":"GHSA-4g29-fccr-p59w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g29-fccr-p59w"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w","reference_id":"GHSA-4g29-fccr-p59w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"security-update-04-2022","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20346?format=json","purl":"pkg:composer/shopware/shopware@5.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9"}],"aliases":["CVE-2022-24873","GHSA-4g29-fccr-p59w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb2g-d5ny-5yhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210596?format=json","vulnerability_id":"VCID-cvg6-jqs9-63c9","summary":"Shopware Cross-site Scripting Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935","reference_id":"","reference_type":"","scores":[{"value":"0.0358","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jun/32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jun/32"},{"reference_url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware"},{"reference_url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/","reference_id":"","reference_type":"","scores":[],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/"},{"reference_url":"https://www.shopware.com/en/changelog/#5-5-8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#5-5-8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935","reference_id":"CVE-2019-12935","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935"},{"reference_url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379","reference_id":"GHSA-8qxh-hcr9-2379","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23825?format=json","purl":"pkg:composer/shopware/shopware@5.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-q82r-1g64-zbcr"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.5.8"}],"aliases":["CVE-2019-12935","GHSA-8qxh-hcr9-2379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvg6-jqs9-63c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166991?format=json","vulnerability_id":"VCID-d3za-bchr-uycm","summary":"Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.703","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102","reference_id":"CVE-2022-36102","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102"},{"reference_url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6","reference_id":"de92d3a78279119a5bbe203054f8fa1d25126af6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6"},{"reference_url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"security-update-09-2022","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"shopware","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://packagist.org/packages/shopware/shopware"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26521?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36102","GHSA-qc43-pgwq-3q2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3za-bchr-uycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361160?format=json","vulnerability_id":"VCID-dadg-wnjd-gqaq","summary":"Exposure of .env if project root is configured as web root in shopware/production\n### Impact\n\nThe .env and other sensitive files can be leaked if the project root and not `/public` is configured as the web root.\n\n### Patches\nWe recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\n\nYou should always use `/public` as the web root.\n\nFor older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-3pcr-4982-548m","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-3pcr-4982-548m"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3pcr-4982-548m","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3pcr-4982-548m"},{"reference_url":"https://github.com/advisories/GHSA-3pcr-4982-548m","reference_id":"GHSA-3pcr-4982-548m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pcr-4982-548m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382460?format=json","purl":"pkg:composer/shopware/shopware@6.3.5%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.3.5%252B3"}],"aliases":["GHSA-3pcr-4982-548m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dadg-wnjd-gqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142047?format=json","vulnerability_id":"VCID-h296-uh2x-6kfn","summary":"Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099"},{"reference_url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d","reference_id":"39cc714d9a0be33b43877044d0b88ea3c6b43f3d","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-18","reference_id":"#5-7-18","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-18"},{"reference_url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023","reference_id":"security-update-06-2023","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381787?format=json","purl":"pkg:composer/shopware/shopware@5.7.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.18"}],"aliases":["CVE-2023-34099","GHSA-gh66-fp7j-98v5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h296-uh2x-6kfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322368?format=json","vulnerability_id":"VCID-h65n-32h9-dfcd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54332","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13971","GHSA-fxf3-wx3c-76pf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h65n-32h9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173352?format=json","vulnerability_id":"VCID-hsjw-skmb-5udq","summary":"Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52232","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"#5-7-9","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892","reference_id":"CVE-2022-24892","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892"},{"reference_url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"security-update-04-2022","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20346?format=json","purl":"pkg:composer/shopware/shopware@5.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9"}],"aliases":["CVE-2022-24892","GHSA-3qrq-r688-vvh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjw-skmb-5udq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208936?format=json","vulnerability_id":"VCID-jx2r-jrwf-h3bm","summary":"Server-Side Request Forgery (SSRF) in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57721","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871","reference_id":"CVE-2022-24871","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871"},{"reference_url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392407?format=json","purl":"pkg:composer/shopware/shopware@6.4.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.4.10%252B1"}],"aliases":["CVE-2022-24871","GHSA-7gm7-8q8v-9gf2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2r-jrwf-h3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173532?format=json","vulnerability_id":"VCID-nfjj-zv57-yyd8","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36618","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates"},{"reference_url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744","reference_id":"CVE-2022-24744","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744"},{"reference_url":"https://github.com/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w267-m9c4-8555"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:14Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555"}],"fixed_packages":[],"aliases":["CVE-2022-24744","GHSA-w267-m9c4-8555"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjj-zv57-yyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310690?format=json","vulnerability_id":"VCID-q82r-1g64-zbcr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799","reference_id":"","reference_type":"","scores":[{"value":"0.24236","scoring_system":"epss","scoring_elements":"0.9621","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799"},{"reference_url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw"},{"reference_url":"https://github.com/rapid7/metasploit-framework/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rapid7/metasploit-framework/pull/11828"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799"},{"reference_url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391246?format=json","purl":"pkg:composer/shopware/shopware@5.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-5d5t-4nh9-gffx"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9kzj-dbw3-p3ff"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-dadg-wnjd-gqaq"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-h65n-32h9-dfcd"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-uwd4-xtvn-vbc2"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"},{"vulnerability":"VCID-w9df-hedh-yken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.1"}],"aliases":["CVE-2019-12799","GHSA-rf8f-hqjv-986p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q82r-1g64-zbcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167052?format=json","vulnerability_id":"VCID-u5yn-sd89-qfhy","summary":"Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36101","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64788","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36101"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a","reference_id":"af5cdbc81d60f21b728e1433aeb8837f25938d2a","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101","reference_id":"CVE-2022-36101","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101"},{"reference_url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"security-update-09-2022","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"shopware","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://packagist.org/packages/shopware/shopware"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26521?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36101","GHSA-6vfq-jmxg-g58r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5yn-sd89-qfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/343822?format=json","vulnerability_id":"VCID-uwd4-xtvn-vbc2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v5.7.6","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v5.7.6"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188"},{"reference_url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html"},{"reference_url":"https://github.com/advisories/GHSA-4p3x-8qw9-24w9","reference_id":"GHSA-4p3x-8qw9-24w9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p3x-8qw9-24w9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382190?format=json","purl":"pkg:composer/shopware/shopware@5.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-854m-qku5-3kh4"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"},{"vulnerability":"VCID-w1p9-hgzg-gyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.6"}],"aliases":["CVE-2021-41188","GHSA-4p3x-8qw9-24w9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwd4-xtvn-vbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/169496?format=json","vulnerability_id":"VCID-w1p9-hgzg-gyhy","summary":"Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21651","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21651"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886","reference_id":"a90046c765c57a46c4399dce17bd174253c32886","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21651","reference_id":"CVE-2022-21651","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21651"},{"reference_url":"https://github.com/advisories/GHSA-c53v-qmrx-93hg","reference_id":"GHSA-c53v-qmrx-93hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c53v-qmrx-93hg"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg","reference_id":"GHSA-c53v-qmrx-93hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022","reference_id":"security-update-01-2022","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18585?format=json","purl":"pkg:composer/shopware/shopware@5.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q9w-4gh6-nkds"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-bb2g-d5ny-5yhh"},{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-hsjw-skmb-5udq"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.7"}],"aliases":["CVE-2022-21651","GHSA-c53v-qmrx-93hg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1p9-hgzg-gyhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322380?format=json","vulnerability_id":"VCID-w9df-hedh-yken","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.75159","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[],"aliases":["CVE-2020-13997","GHSA-r4ph-mx67-x58p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9df-hedh-yken"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.5.0"}