{"url":"http://public2.vulnerablecode.io/api/packages/512871?format=json","purl":"pkg:composer/shopware/core@6.3.0.0","type":"composer","namespace":"shopware","name":"core","version":"6.3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.6.10.15","latest_non_vulnerable_version":"6.7.8.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361153?format=json","vulnerability_id":"VCID-1dd1-z8c1-4bhe","summary":"Leak of information via Store-API aggregations in shopware/platform and shopware/core\n### Impact\n\nLeak of information via Store-API\n\n### Patches\nWe recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more 
information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-qg7c-q3vq-rgxr","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-qg7c-q3vq-rgxr"},{"reference_url":"https://github.com/advisories/GHSA-qg7c-q3vq-rgxr","reference_id":"GHSA-qg7c-q3vq-rgxr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qg7c-q3vq-rgxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512885?format=json","purl":"pkg:composer/shopware/core@6.3.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vuln
erability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/382379?format=json","purl":"pkg:composer/shopware/core@6.3.5%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.5%252B3"}],"aliases":["GHSA-qg7c-q3vq-rgxr","GMS-2021-120","GMS-2021-127"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dd1-z8c1-4bhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361278?format=json","vulnerability_id":"VCID-1qmp-51ee-qqhu","summary":"### Impact\nCanceling of orders not related to the logged-in user\n\n### Patches\nWe recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 
For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-wq3r-jwrq-xg6w","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-wq3r-jwrq-xg6w"},{"reference_url":"https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659"},{"reference_url":"https://www.shopware.com/en/download/#shopware-6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/download/#shopware-6"},{"reference_url":"https://github.com/advisories/GHSA-wq3r-jwrq-xg6w","reference_id":"GHSA-wq3r-jwrq-xg6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq3r-jwrq-xg6w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383344?format=json","purl":"pkg:composer/shopware/core@6.4.1%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.1%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512890?format=json","purl":"pkg:composer/shopware/core@6.4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"
vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.1.1"}],"aliases":["GHSA-wq3r-jwrq-xg6w","GMS-2021-122","GMS-2021-129"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qmp-51ee-qqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361122?format=json","vulnerability_id":"VCID-2mjt-sqy1-hyfr","summary":"### Impact\nAuthenticated Server Side Request Forgery\n\n### Patches\nWe recommend to update to the current 
version 6.3.4.1. You can get the update to 6.3.4.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-12-2020\n\n### Credits\nWe would like to thank <a rel=\"noopener\" href=\"https://reqon.nl\">REQON B.V.</a> for reporting this issue.","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-8pfh-mm2g-hmc3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-8pfh-mm2g-hmc3"},{"reference_url":"https://github.com/advisories/GHSA-8pfh-mm2g-hmc3","reference_id":"GHSA-8pfh-mm2g-hmc3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pfh-mm2g-hmc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512881?format=json","purl":"pkg:composer/shopware/core@6.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dd1-z8c1-4bhe"},{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4
hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h37w-z4bu-zyfq"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/382089?format=json","purl":"pkg:composer/shopware/core@6.3.4%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4%252B1"}],"aliases":["GHSA-8pfh-mm2g-hmc3","GMS-2020-586","GMS-2020-593"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mjt-sqy1-hyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212311?format=json","vulnerability_id":"VCID-43zt-wnjy-rudk","summary":"Shopware vulnerable to path traversal via Plugin 
upload","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be"},{"reference_url":"https://github.com/advisories/GHSA-6wh5-mw9h-5c3w","reference_id":"GHSA-6wh5-mw9h-5c3w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wh5-mw9h-5c3w"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w","reference_id":"GHSA-6wh5-mw9h-5c3w","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34676?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7"},{"url":"http://public2.vulnerablecode.io/api/packages/873685?format=json","purl":"pkg:composer/shopware/core@6.6.10.7","is_vulnerable":true,"affected_by_
vulnerabilities":[{"vulnerability":"VCID-a8xu-y9nr-9uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/34680?format=json","purl":"pkg:composer/shopware/core@6.7.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/873688?format=json","purl":"pkg:composer/shopware/core@6.7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1"}],"aliases":["GHSA-6wh5-mw9h-5c3w"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43zt-wnjy-rudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206270?format=json","vulnerability_id":"VCID-4y8h-sdsv-hkc5","summary":"Non-persistent XSS in the Storefront in 
Shopware","references":[{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/advisories/GHSA-qvhr-55hg-3qwv","reference_id":"GHSA-qvhr-55hg-3qwv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvhr-55hg-3qwv"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-qvhr-55hg-3qwv","reference_id":"GHSA-qvhr-55hg-3qwv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-qvhr-55hg-3qwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17805?format=json","purl":"pkg:composer/shopware/core@6.3.1%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.1%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512875?format=json","purl":"pkg:composer/shopware/core@6.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dd1-z8c1-4bhe"},{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-2mjt-sqy1-hyfr"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fq
cm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9t6r-vyew-jkew"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h37w-z4bu-zyfq"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kqg1-q41e-syhv"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qadm-4us3-2ugq"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-qj7g-zfwm-m7ce"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.1.1"}],"aliases":["GHSA-qvhr-55hg-3qwv","GMS-2020-591","GMS-2020-598"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y8h-sdsv-hkc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212314?format=json","vulnerability_id":"VCID-5b7t-vavj-efae"
,"summary":"Shopware Customer Orders can be canceled, even if refunds are disabled","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592"},{"reference_url":"https://github.com/advisories/GHSA-r2vg-hvjm-fg38","reference_id":"GHSA-r2vg-hvjm-fg38","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r2vg-hvjm-fg38"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38","reference_id":"GHSA-r2vg-hvjm-fg38","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34676?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7"},{"url":"http://public2.vulnerablecode.io/api/package
s/873685?format=json","purl":"pkg:composer/shopware/core@6.6.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8xu-y9nr-9uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/34680?format=json","purl":"pkg:composer/shopware/core@6.7.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/873688?format=json","purl":"pkg:composer/shopware/core@6.7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1"}],"aliases":["GHSA-r2vg-hvjm-fg38"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5b7t-vavj-efae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149874?format=json","vulnerability_id":"VCID-5yxh-sqdk-37dy","summary":"Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. 
Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22730","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53562","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53689","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53687","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53703","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22730"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22730","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22730"},{"reference_url":"https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9","reference_id":"4fce12096e54b2033832d9104fa2e68888c2b4e9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B
:A/M:M/D:T/2025-03-10T20:59:33Z/"}],"url":"https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9"},{"reference_url":"https://github.com/advisories/GHSA-8r6h-m72v-38fg","reference_id":"GHSA-8r6h-m72v-38fg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8r6h-m72v-38fg"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg","reference_id":"GHSA-8r6h-m72v-38fg","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates","reference_id":"security-update-01-2023?category=security-updates","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/607761?format=json","
purl":"pkg:composer/shopware/core@6.4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379920?format=json","purl":"pkg:composer/shopware/core@6.4.18%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1"}],"aliases":["CVE-2023-22730","GHSA-8r6h-m72v-38fg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yxh-sqdk-37dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71295?format=json","vulnerability_id":"VCID-637f-zxjb-8ufn","summary":"Shopware is an open commerce platform. 
Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The \"not found\" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31888","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17474","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17628","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17654","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17636","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31888"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31888","reference_id":"CVE-2026-31888","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31888"},{"reference_url":"h
ttps://github.com/advisories/GHSA-gqc5-xv7m-gcjq","reference_id":"GHSA-gqc5-xv7m-gcjq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqc5-xv7m-gcjq"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq","reference_id":"GHSA-gqc5-xv7m-gcjq","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:39Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40705?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15"},{"url":"http://public2.vulnerablecode.io/api/packages/962818?format=json","purl":"pkg:composer/shopware/core@6.6.10.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/40703?format=json","purl":"pkg:composer/shopware/core@6.7.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/962823?format=json","purl":"pkg:composer/shopware/core@6.7.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1"}],"aliase
s":["CVE-2026-31888","GHSA-gqc5-xv7m-gcjq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-637f-zxjb-8ufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360508?format=json","vulnerability_id":"VCID-6tys-6s4d-fqcm","summary":"Shopware Broken ACL on Document retrieval to access other customers' documents\n### Impact\nIt's possible to guess the deepLinkCode of a Document and open documents of other customers.\n\n### Patches\nUpdate to Shopware 6.6.10.3 or 6.5.8.17\n\n### Workarounds\nFor older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2","reference_id":"","referen
ce_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q"},{"reference_url":"https://github.com/advisories/GHSA-68wv-g3fw-pq7q","reference_id":"GHSA-68wv-g3fw-pq7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68wv-g3fw-pq7q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376414?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-stdp-p5h7-3kg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/p
ackages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/792816?format=json","purl":"pkg:composer/shopware/core@6.6.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/376234?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/376231?format=json","purl":"pkg:composer/shopware/core@6.7.0%2B0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/792818?format=json","purl":"pkg:composer/shopware/core@6.7.0.0-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-9men-n7d5-63ct"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2"}],"aliases":["GHSA-68wv-g3fw-pq7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tys
-6s4d-fqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149421?format=json","vulnerability_id":"VCID-845f-5kns-bqcb","summary":"Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, so an attacker who had stolen the session cookie could use it for a long period of time. In version 6.4.18.1 an automatic logout has been added to the Administration session. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22732","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61686","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61682","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61576","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61678","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22732"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22732","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22732"},{"reference_url":"https://github.com/shopware/platform/c
ommit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6","reference_id":"cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/"}],"url":"https://github.com/shopware/platform/commit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6"},{"reference_url":"https://github.com/advisories/GHSA-59qg-93jg-236f","reference_id":"GHSA-59qg-93jg-236f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59qg-93jg-236f"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f","reference_id":"GHSA-59qg-93jg-236f","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates","reference_id":"security-update-01-2023?category=security-updates","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en
/security-updates/security-update-01-2023?category=security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/607761?format=json","purl":"pkg:composer/shopware/core@6.4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379920?format=json","purl":"pkg:composer/shopware/core@6.4.18%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1"}],"aliases":["CVE-2023-22732","GHSA-59qg-93jg-236f"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-845f-5kns-bqcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341927?format=json","vulnerability_id":"VCID-9asn-9v27-x3e1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37710","reference_id":"","reference_type":"","scores":[{"value":"0.
0032","scoring_system":"epss","scoring_elements":"0.55486","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55607","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55621","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55609","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37710"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37710","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system"
:"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37710"},{"reference_url":"https://github.com/advisories/GHSA-fc38-mxwr-pfhx","reference_id":"GHSA-fc38-mxwr-pfhx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fc38-mxwr-pfhx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382817?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2021-37710","GHSA-fc38-mxwr-pfhx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9asn-9v27-x3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208939?format=json","vulnerability_id":"V
CID-9f58-1dw2-uka2","summary":"Improper Access Control in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40754","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40777","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40586","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40764","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872","reference_id":"CVE-2022-24
872","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872"},{"reference_url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20252?format=json","purl":"pkg:composer/shopware/core@6.4.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.10%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vul
nerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2022-24872","GHSA-9wrv-g75h-8ccc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f58-1dw2-uka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361121?format=json","vulnerability_id":"VCID-9t6r-vyew-jkew","summary":"### Impact\n\nInformation exposure via query strings in URL\n\n### Patches\nWe recommend to update to the current version 6.3.4.1. You can get the update to 6.3.4.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-12-2020\n\n### Credits\nWe would like to thank <a rel=\"noopener\" href=\"https://www.vater-it.de/\">Oliver Herrmann</a> for reporting this 
issue.","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-cq6h-w3mc-57f4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-cq6h-w3mc-57f4"},{"reference_url":"https://github.com/advisories/GHSA-cq6h-w3mc-57f4","reference_id":"GHSA-cq6h-w3mc-57f4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cq6h-w3mc-57f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512881?format=json","purl":"pkg:composer/shopware/core@6.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dd1-z8c1-4bhe"},{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h37w-z4bu-zyfq"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcj
v-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/382089?format=json","purl":"pkg:composer/shopware/core@6.3.4%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4%252B1"}],"aliases":["GHSA-cq6h-w3mc-57f4","GMS-2020-588","GMS-2020-595"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t6r-vyew-jkew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212350?format=json","vulnerability_id":"VCID-a8xu-y9nr-9uag","summary":"Shopware 6's password recovery link does not expire after email 
change","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13"},{"reference_url":"https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.9","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.9"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0"},{
"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.4.1","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.4.1"},{"reference_url":"https://github.com/advisories/GHSA-2w46-vq8h-98vh","reference_id":"GHSA-2w46-vq8h-98vh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2w46-vq8h-98vh"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh","reference_id":"GHSA-2w46-vq8h-98vh","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35232?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B9"},{"url":"http://public2.vulnerablecode.io/api/packages/879127?format=json","purl":"pkg:composer/shopware/core@6.6.10.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/35236?format=json","purl":"pkg:composer/shopware/core@6.7.4%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4%252B1"}
,{"url":"http://public2.vulnerablecode.io/api/packages/879129?format=json","purl":"pkg:composer/shopware/core@6.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4.1"}],"aliases":["GHSA-2w46-vq8h-98vh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xu-y9nr-9uag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173377?format=json","vulnerability_id":"VCID-awa5-42f5-2ygj","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. 
There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24748","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45131","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45119","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45117","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44966","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24748"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022?_ga=2.27683580.172848620.1646933022-368790926.1646933022","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022?_ga=2.27683580.172848620.1646933022-368790926.1646933022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/core/commit/329e4d7e028dd8081496cf8bd3acc822000b0ec0","reference_id":"329e4d7e028dd8081496cf8bd3acc822000b0ec0","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"S
SVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:22Z/"}],"url":"https://github.com/shopware/core/commit/329e4d7e028dd8081496cf8bd3acc822000b0ec0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24748","reference_id":"CVE-2022-24748","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24748"},{"reference_url":"https://github.com/advisories/GHSA-83vp-6jqg-6cmr","reference_id":"GHSA-83vp-6jqg-6cmr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83vp-6jqg-6cmr"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-83vp-6jqg-6cmr","reference_id":"GHSA-83vp-6jqg-6cmr","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:22Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-83vp-6jqg-6cmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19637?format=json","purl":"pkg:composer/shopware/core@6.4.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-
zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2022-24748","GHSA-83vp-6jqg-6cmr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awa5-42f5-2ygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62293?format=json","vulnerability_id":"VCID-d284-ecsh-ebhw","summary":"Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. 
For the full range of functions, we recommend updating to the latest Shopware version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22407","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28835","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28848","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28859","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28635","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22407"},{"reference_url":"https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22407","
reference_id":"CVE-2024-22407","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22407"},{"reference_url":"https://github.com/advisories/GHSA-3867-jc5c-66qf","reference_id":"GHSA-3867-jc5c-66qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3867-jc5c-66qf"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf","reference_id":"GHSA-3867-jc5c-66qf","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:09:33Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28430?format=json","purl":"pkg:composer/shopware/core@6.5.7%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/685851?format=json","purl":"pkg:composer/shopware/core@6.5.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnera
bility":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7.4"}],"aliases":["CVE-2024-22407","GHSA-3867-jc5c-66qf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d284-ecsh-ebhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206269?format=json","vulnerability_id":"VCID-ddgd-srbu-efda","summary":"RCE in Third Party Library in Shopware","references":[{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020"},{"reference_url":"https://github.com/advisories/GHSA-qvc5-cfrr-384v","reference_id":"GHSA-qvc5-cfrr-384v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvc5-cfrr-384v"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-qvc5-cfrr-384v","reference_id":"GHSA-qvc5-cfrr-384v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-qvc5-cfrr-384v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17805?format=json","purl":"pkg:co
mposer/shopware/core@6.3.1%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.1%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512875?format=json","purl":"pkg:composer/shopware/core@6.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dd1-z8c1-4bhe"},{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-2mjt-sqy1-hyfr"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-9t6r-vyew-jkew"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h37w-z4bu-zyfq"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kqg1-q41e-syhv"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qadm-4us3-2ugq"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-qj7g-zfwm-m7ce"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vu
lnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.1.1"}],"aliases":["GHSA-qvc5-cfrr-384v","GMS-2020-590","GMS-2020-597"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgd-srbu-efda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71464?format=json","vulnerability_id":"VCID-dqba-4hk6-eud2","summary":"Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. 
This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31889","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26177","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26375","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26378","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31889"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31889","reference_id":"CVE-2026-31889","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31889"},{"reference_url":"https://github.com/advisories/GHSA-c4p7-rwrg-pf6p","reference_id":"GHSA-c4p7-rwrg-pf6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4p7-rwrg-pf6p"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p","reference_id":"GHSA-c4p7-rwrg-pf6p","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_el
ements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:04:03Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40705?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15"},{"url":"http://public2.vulnerablecode.io/api/packages/962818?format=json","purl":"pkg:composer/shopware/core@6.6.10.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/40703?format=json","purl":"pkg:composer/shopware/core@6.7.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/962823?format=json","purl":"pkg:composer/shopware/core@6.7.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1"}],"aliases":["CVE-2026-31889","GHSA-c4p7-rwrg-pf6p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqba-4hk6-eud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341926?format=json","vulnerability_id":"VCID-f9zv-9awa-qfha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37709","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44465","published_at":"2026-06-11T12:55:00Z"},{"value":"0.
00218","scoring_system":"epss","scoring_elements":"0.44619","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44635","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44622","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37709"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37709","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-
2021-37709"},{"reference_url":"https://github.com/advisories/GHSA-54gp-qff8-946c","reference_id":"GHSA-54gp-qff8-946c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54gp-qff8-946c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382817?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2021-37709","GHSA-54gp-qff8-946c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9zv-9awa-qfha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150760?format=json","vulnerability_id":"VCID-g4mm-3wn7-z3dr","summary":"Server-side Template Injection (SSTI) in Shopware 6 
(<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2017","reference_id":"","reference_type":"","scores":[{"value":"0.02271","scoring_system":"epss","scoring_elements":"0.85005","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02424","scoring_system":"epss","scoring_elements":"0.85519","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02424","scoring_system":"epss","scoring_elements":"0.85527","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02424","scoring_system":"epss","scoring_elements":"0.85517","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2017"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/releases/tag/v6.4.20.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/releases/tag/v6.4.20.1"},{"reference_url":"https://github.com/shopware/shopware/security/adv
isories/GHSA-7v2v-9rm4-7m8f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2017","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2017"},{"reference_url":"https://starlabs.sg/advisories/23/23-2017","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://starlabs.sg/advisories/23/23-2017"},{"reference_url":"https://starlabs.sg/advisories/23/23-2017/","reference_id":"23-2017","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/"}],"url":"https://starlabs.sg/advisories/23/23-2017/"},{"reference_url":"https://github.com/advisories/GHSA-7v2v-9rm4-7m8f","reference_id":"GHSA-7v2v-9rm4-7m8f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7v2v-9rm4-7m8f"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f","reference_id":"GHSA-7v2v-9rm4-7m8f","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_
elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023","reference_id":"security-update-04-2023","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379600?format=json","purl":"pkg:composer/shopware/core@6.4.20%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.20%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/622990?format=json","purl":"pkg:composer/shopware/core@6.4.20.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3
z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.20.1"}],"aliases":["CVE-2023-2017","GHSA-7v2v-9rm4-7m8f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mm-3wn7-z3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173376?format=json","vulnerability_id":"VCID-g55p-1gm9-j7d8","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. 
There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24747","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56081","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56205","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56216","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56201","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24747"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24747","reference_id":"CVE-2022-24747","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24747"},{"reference_url":"https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f","reference_id":"d51863148f32306aafdbc7f9f48887c69fce206f","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/"}],"url":"https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f"},{"reference_url
":"https://github.com/advisories/GHSA-6wrh-279j-6hvw","reference_id":"GHSA-6wrh-279j-6hvw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wrh-279j-6hvw"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw","reference_id":"GHSA-6wrh-279j-6hvw","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022","reference_id":"security-update-03-2022","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19637?format=json","purl":"pkg:composer/shopware/core@6.4.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vav
j-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2022-24747","GHSA-6wrh-279j-6hvw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g55p-1gm9-j7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206682?format=json","vulnerability_id":"VCID-ghc6-4er3-vueu","summary":"Webcache Poisoning in shopware/platform and 
shopware/core","references":[{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/9062f15450d183f2c666664841efd4f5ef25e0f3","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/9062f15450d183f2c666664841efd4f5ef25e0f3"},{"reference_url":"https://github.com/advisories/GHSA-r64m-qchj-hrjp","reference_id":"GHSA-r64m-qchj-hrjp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r64m-qchj-hrjp"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-r64m-qchj-hrjp","reference_id":"GHSA-r64m-qchj-hrjp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-r64m-qchj-hrjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18112?format=json","purl":"pkg:composer/shopware/core@6.4.6%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.6%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"}
,{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["GHSA-r64m-qchj-hrjp","GMS-2021-121","GMS-2021-128"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghc6-4er3-vueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361154?format=json","vulnerability_id":"VCID-h37w-z4bu-zyfq","summary":"After order payment process manipulation in shopware/platform and shopware/core\n### Impact\n\nAfter order payment process manipulation\n\n### Patches\nWe recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\n\nFor older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. 
For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-88rc-3p98-rgvx","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-88rc-3p98-rgvx"},{"reference_url":"https://github.com/advisories/GHSA-88rc-3p98-rgvx","reference_id":"GHSA-88rc-3p98-rgvx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-88rc-3p98-rgvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512885?format=json","purl":"pkg:composer/shopware/core@6.3.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":
"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/382379?format=json","purl":"pkg:composer/shopware/core@6.3.5%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.5%252B3"}],"aliases":["GHSA-88rc-3p98-rgvx","GMS-2021-119","GMS-2021-124"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h37w-z4bu-zyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41243?format=json","vulnerability_id":"VCID-h4gh-jepq-2ue8","summary":"Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. 
Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42357","reference_id":"","reference_type":"","scores":[{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74858","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74868","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74872","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74787","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42357"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b","reference_id":"57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/"}],"url":"https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b"
},{"reference_url":"https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9","reference_id":"63c05615694790f5790a04ef889f42b764fa53c9","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/"}],"url":"https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9"},{"reference_url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_id":"8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/"}],"url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac"},{"reference_url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_id":"a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements"
:"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/"}],"url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42357","reference_id":"CVE-2024-42357","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42357"},{"reference_url":"https://github.com/advisories/GHSA-p6w9-r443-r752","reference_id":"GHSA-p6w9-r443-r752","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6w9-r443-r752"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752","reference_id":"GHSA-p6w9-r443-r752","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32942?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13"},{"url":"http://public2.
vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734405?format=json","purl":"pkg:composer/shopware/core@6.6.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/32950?format=json","purl":"pkg:composer/shopware/core@6.6.5%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1"}],"aliases":["CVE-2024-42357","GHSA-p6w9-r443-r752"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4gh-jepq-2ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerab
ilities/208936?format=json","vulnerability_id":"VCID-jx2r-jrwf-h3bm","summary":"Server-Side Request Forgery (SSRF) in Shopware","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57842","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57835","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57721","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57852","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist
.gov/vuln/detail/CVE-2022-24871","reference_id":"CVE-2022-24871","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871"},{"reference_url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20252?format=json","purl":"pkg:composer/shopware/core@6.4.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.10%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qh
gp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2022-24871","GHSA-7gm7-8q8v-9gf2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2r-jrwf-h3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361117?format=json","vulnerability_id":"VCID-kqg1-q41e-syhv","summary":"### Impact\nAuthenticated Privilege Escalation\n\n### Patches\nWe recommend to update to the current version 6.3.4.1. You can get the update to 6.3.4.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more 
information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-12-2020","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-5q58-x5h2-v5rx","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-5q58-x5h2-v5rx"},{"reference_url":"https://github.com/advisories/GHSA-5q58-x5h2-v5rx","reference_id":"GHSA-5q58-x5h2-v5rx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q58-x5h2-v5rx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512881?format=json","purl":"pkg:composer/shopware/core@6.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dd1-z8c1-4bhe"},{"vulnerability":"VCID-1qmp-51ee-qqhu"},{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h37w-z4bu-zyfq"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-kvrn-vhfe-q7a1"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCI
D-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/382089?format=json","purl":"pkg:composer/shopware/core@6.3.4%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.4%252B1"}],"aliases":["GHSA-5q58-x5h2-v5rx","GMS-2020-585","GMS-2020-592"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqg1-q41e-syhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361271?format=json","vulnerability_id":"VCID-kvrn-vhfe-q7a1","summary":"### Impact\nnon-admin users can create integration role with administrator role\n\n### Patches\nWe recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1, 6.2, and 6.3 corresponding security measures are also available via a plugin. 
For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659","references":[{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-243q-g9j3-qf6r","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-243q-g9j3-qf6r"},{"reference_url":"https://github.com/advisories/GHSA-243q-g9j3-qf6r","reference_id":"GHSA-243q-g9j3-qf6r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-243q-g9j3-qf6r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383344?format=json","purl":"pkg:composer/shopware/core@6.4.1%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.1%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512890?format=json","purl":"pkg:composer/shopware/core@6.4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9asn-9v27-x3e1"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-f9zv-9awa-qfha"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-ghc6-4er3-vueu"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability"
:"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-mdkz-brfm-4bhw"},{"vulnerability":"VCID-nfjj-zv57-yyd8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-pb4v-pcjv-3kfr"},{"vulnerability":"VCID-q355-4yb3-93cn"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-vgjj-eqzd-t7a1"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.1.1"}],"aliases":["GHSA-243q-g9j3-qf6r","GMS-2021-118","GMS-2021-123"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvrn-vhfe-q7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173312?format=json","vulnerability_id":"VCID-mdkz-brfm-4bhw","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. 
There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24746","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61101","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60995","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6111","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24746"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6","reference_id":"651598a61073cbe59368e311817bdc6e7fb349c6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23
T14:09:19Z/"}],"url":"https://github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24746","reference_id":"CVE-2022-24746","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24746"},{"reference_url":"https://github.com/advisories/GHSA-952p-fqcp-g8pc","reference_id":"GHSA-952p-fqcp-g8pc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-952p-fqcp-g8pc"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc","reference_id":"GHSA-952p-fqcp-g8pc","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:19Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022","reference_id":"security-update-02-2022","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:19Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022"}],"fixed_packages":[{"url":"http://publ
ic2.vulnerablecode.io/api/packages/543808?format=json","purl":"pkg:composer/shopware/core@6.4.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19634?format=json","purl":"pkg:composer/shopware/core@6.4.8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-g55p-1gm9-j7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8%252B1"}],"aliases":["CVE-2022-24746","GHSA-952p-fqcp-g8pc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecod
e.io/vulnerabilities/VCID-mdkz-brfm-4bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173532?format=json","vulnerability_id":"VCID-nfjj-zv57-yyd8","summary":"Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36811","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36822","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36618","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36797","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates"},{"reference_url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url
":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744","reference_id":"CVE-2022-24744","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744"},{"reference_url":"https://github.com/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w267-m9c4-8555"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025
-04-23T14:09:14Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/543808?format=json","purl":"pkg:composer/shopware/core@6.4.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-5yxh-sqdk-37dy"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-845f-5kns-bqcb"},{"vulnerability":"VCID-9f58-1dw2-uka2"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-g55p-1gm9-j7d8"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-jx2r-jrwf-h3bm"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-p5f5-9e68-rqdd"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-radt-bkq9-9ua5"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-z266-zw44-13et"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19634?format=json","purl":"pkg:composer/shopware/core@6.4.8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-awa5-42f5-2ygj"},{"vulnerability":"VCID-g55p-1gm9-j7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.8%252B1"}],"aliases":["CVE-
2022-24744","GHSA-w267-m9c4-8555"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjj-zv57-yyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212313?format=json","vulnerability_id":"VCID-nhdh-f91b-kuex","summary":"Shopware exposes sensitive user information via CSV export mapping","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083"},{"reference_url":"https://github.com/advisories/GHSA-27c9-vp3w-6ww8","reference_id":"GHSA-27c9-vp3w-6ww8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27c9-vp3w-6ww8"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8","reference_id":"GHSA-27c9-vp3w-6ww8","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8"}],"fixed_packages":[{"url":"http://public2
.vulnerablecode.io/api/packages/34676?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7"},{"url":"http://public2.vulnerablecode.io/api/packages/873685?format=json","purl":"pkg:composer/shopware/core@6.6.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8xu-y9nr-9uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/34680?format=json","purl":"pkg:composer/shopware/core@6.7.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/873688?format=json","purl":"pkg:composer/shopware/core@6.7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1"}],"aliases":["GHSA-27c9-vp3w-6ww8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhdh-f91b-kuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212312?format=json","vulnerability_id":"VCID-nzcj-wu6c-pfgw","summary":"Shopware vulnerable to Server-Side Request Forgery (SSRF) – order 
invoice","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4"},{"reference_url":"https://github.com/advisories/GHSA-3cpp-fv95-mpr5","reference_id":"GHSA-3cpp-fv95-mpr5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cpp-fv95-mpr5"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5","reference_id":"GHSA-3cpp-fv95-mpr5","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34676?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7"},{"url":"http://public2.vulnerablecode.io/api/packages/873685?format=json","purl":"pkg:composer/shopware/core@6.6.10.7","is_vulnerable":true,"affected_by
_vulnerabilities":[{"vulnerability":"VCID-a8xu-y9nr-9uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/34680?format=json","purl":"pkg:composer/shopware/core@6.7.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/873688?format=json","purl":"pkg:composer/shopware/core@6.7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1"}],"aliases":["GHSA-3cpp-fv95-mpr5"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcj-wu6c-pfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149599?format=json","vulnerability_id":"VCID-p5f5-9e68-rqdd","summary":"Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. 
Users may also disable newsletter registration completely.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22734","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53687","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53689","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53562","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53703","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22734"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22734","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22734"},{"reference_url":"https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620","reference_id":"f5a95ee2bcf1e546878450963ef1d9886e59a620","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/"}],"url":"https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620"},{"
reference_url":"https://github.com/advisories/GHSA-46h7-vj7x-fxg2","reference_id":"GHSA-46h7-vj7x-fxg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46h7-vj7x-fxg2"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2","reference_id":"GHSA-46h7-vj7x-fxg2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates","reference_id":"security-update-01-2023?category=security-updates","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/607761?format=json","purl":"pkg:composer/shopware/core@6.4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability"
:"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379920?format=json","purl":"pkg:composer/shopware/core@6.4.18%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1"}],"aliases":["CVE-2023-22734","GHSA-46h7-vj7x-fxg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5f5-9e68-rqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41060?format=json","vulnerability_id":"VCID-parp-avvf-v3bu","summary":"Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages triggered within this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string naming the feature flag to silence, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.",
"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42355","reference_id":"","reference_type":"","scores":[{"value":"0.01052","scoring_system":"epss","scoring_elements":"0.78052","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01052","scoring_system":"epss","scoring_elements":"0.78058","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01052","scoring_system":"epss","scoring_elements":"0.78045","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01052","scoring_system":"epss","scoring_elements":"0.77977","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42355"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da","reference_id":"445c6763cc093fbd651e0efaa4150deae4ae60da","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/"}],"url":"https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da"},{"reference_url":"https://github.com/shopware/shopware/commit/8504ba7
e56e53add6a1d5b9d45015e3d899cd0ac","reference_id":"8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/"}],"url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac"},{"reference_url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_id":"a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/"}],"url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42355","reference_id":"CVE-2024-42355","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42355"},{"reference_url":"https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2","reference_id":"d35ee2eda5c995faeb08b3dad12
7eab65c64e2a2","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/"}],"url":"https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2"},{"reference_url":"https://github.com/advisories/GHSA-27wp-jvhw-v4xp","reference_id":"GHSA-27wp-jvhw-v4xp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27wp-jvhw-v4xp"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp","reference_id":"GHSA-27wp-jvhw-v4xp","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32942?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_
vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734405?format=json","purl":"pkg:composer/shopware/core@6.6.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/32950?format=json","purl":"pkg:composer/shopware/core@6.6.5%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1"}],"aliases":["CVE-2024-42355","GHSA-27wp-jvhw-v4xp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-parp-avvf-v3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341928?format=json","vulnerability_id":"VCID-pb4v-pcjv-3kfr","summary":"","references":[{"r
eference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37711","reference_id":"","reference_type":"","scores":[{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.67205","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.67297","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.67311","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6731","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37711"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37711","reference_id":"","reference_type":"","scores":[{"value":
"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37711"},{"reference_url":"https://github.com/advisories/GHSA-gcvv-gq92-x94r","reference_id":"GHSA-gcvv-gq92-x94r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcvv-gq92-x94r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382817?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2021-37711","GHSA-gcvv-gq92-x94r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnera
bilities/VCID-pb4v-pcjv-3kfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341924?format=json","vulnerability_id":"VCID-q355-4yb3-93cn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37707","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44091","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44244","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44263","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44251","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37707"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"htt
ps://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37707","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37707"},{"reference_url":"https://github.com/advisories/GHSA-9f8f-574q-8jmf","reference_id":"GHSA-9f8f-574q-8jmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f8f-574q-8jmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382817?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:com
poser/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2021-37707","GHSA-9f8f-574q-8jmf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q355-4yb3-93cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206478?format=json","vulnerability_id":"VCID-qadm-4us3-2ugq","summary":"Authenticated XML External Entity Processing","references":[{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-SHOPWAREPLATFORM-1019470","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-SHOPWAREPLATFORM-1019470"},{"reference_url":"https://github.com/advisories/GHSA-8xv9-qcr9-ww9j","reference_id":"GHSA-8xv9-qcr9-ww9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xv9-qcr9-ww9j"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-8xv9-qcr9-ww9j","reference_id":"GHSA-8xv9-qcr9-ww9j","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-8xv9-qcr9-ww9j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages
/17932?format=json","purl":"pkg:composer/shopware/core@6.3.2%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.2%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["GHSA-8xv9-qcr9-ww9j","GMS-2020-587","GMS-2020-594"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qadm-4us3-2ugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41262?format=json","vulnerability_id":"VCID-qhgp-qxed-7qbc","summary":"Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. 
The function can also be called from Twig, and because its second parameter accepts any callable, it is possible to call any statically callable PHP function/method from Twig. A customer cannot provide Twig code; the attacker would require access to the Administration to exploit it using Mail templates or App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42356","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62937","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.63047","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.6305","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.63038","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42356"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038","reference_id":"04183e0c02af3b404eb7d52c683734bfe0595038","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/V
C:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/"}],"url":"https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038"},{"reference_url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_id":"8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/"}],"url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac"},{"reference_url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_id":"a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/"}],"url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42356","reference_id":"CVE-2024-42356","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7"
,"scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42356"},{"reference_url":"https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e","reference_id":"e43423bcc93c618c3036f94c12aa29514da8cf2e","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/"}],"url":"https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e"},{"reference_url":"https://github.com/advisories/GHSA-35jp-8cgg-p4wj","reference_id":"GHSA-35jp-8cgg-p4wj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35jp-8cgg-p4wj"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj","reference_id":"GHSA-35jp-8cgg-p4wj","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/32942?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734405?format=json","purl":"pkg:composer/shopware/core@6.6.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/32950?format=json","purl":"pkg:composer/shopware/core@6.6.5%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/
pkg:composer/shopware/core@6.6.5%252B1"}],"aliases":["CVE-2024-42356","GHSA-35jp-8cgg-p4wj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhgp-qxed-7qbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206479?format=json","vulnerability_id":"VCID-qj7g-zfwm-m7ce","summary":"Denial of Service via Cache Flooding","references":[{"reference_url":"https://github.com/advisories/GHSA-p68v-frgx-4rjp","reference_id":"GHSA-p68v-frgx-4rjp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p68v-frgx-4rjp"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-p68v-frgx-4rjp","reference_id":"GHSA-p68v-frgx-4rjp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-p68v-frgx-4rjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17932?format=json","purl":"pkg:composer/shopware/core@6.3.2%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.2%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vuln
erability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["GHSA-p68v-frgx-4rjp","GMS-2020-589","GMS-2020-596"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qj7g-zfwm-m7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149373?format=json","vulnerability_id":"VCID-radt-bkq9-9ua5","summary":"Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. 
Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22731","reference_id":"","reference_type":"","scores":[{"value":"0.02406","scoring_system":"epss","scoring_elements":"0.85413","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02406","scoring_system":"epss","scoring_elements":"0.85466","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02406","scoring_system":"epss","scoring_elements":"0.85465","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02406","scoring_system":"epss","scoring_elements":"0.85474","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22731"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22731"},{"reference_url":"https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1","reference_id":"89d1ea154689cb6202e0d3a0ceeae0febb0c09e1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B
:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1"},{"reference_url":"https://github.com/advisories/GHSA-93cw-f5jj-x85w","reference_id":"GHSA-93cw-f5jj-x85w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93cw-f5jj-x85w"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w","reference_id":"GHSA-93cw-f5jj-x85w","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates","reference_id":"security-update-01-2023?category=security-updates","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/607761?format=json","pu
rl":"pkg:composer/shopware/core@6.4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379920?format=json","purl":"pkg:composer/shopware/core@6.4.18%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1"}],"aliases":["CVE-2023-22731","GHSA-93cw-f5jj-x85w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-radt-bkq9-9ua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41018?format=json","vulnerability_id":"VCID-rfa4-81mz-qqd9","summary":"Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. 
Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not consider ManyToMany associations, so they were not handled properly and the protections were not applied. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42354","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62735","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.6273","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62723","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62622","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42354"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_id":"8504ba7e56e53add6a1d5b9d45015e3d899cd0ac","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA
:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/"}],"url":"https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac"},{"reference_url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_id":"a784aa1cec0624e36e0ee4d41aeebaed40e0442f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/"}],"url":"https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f"},{"reference_url":"https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01","reference_id":"ad83d38809df457efef21c37ce0996430334bf01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/"}],"url":"https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42354","reference_id":"CVE-2024-42354","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_sys
tem":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42354"},{"reference_url":"https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2","reference_id":"d35ee2eda5c995faeb08b3dad127eab65c64e2a2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/"}],"url":"https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2"},{"reference_url":"https://github.com/advisories/GHSA-hhcq-ph6w-494g","reference_id":"GHSA-hhcq-ph6w-494g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhcq-ph6w-494g"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g","reference_id":"GHSA-hhcq-ph6w-494g","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g"}],"fixed_packages":[{"
url":"http://public2.vulnerablecode.io/api/packages/32942?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734405?format=json","purl":"pkg:composer/shopware/core@6.6.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/32950?format=json","purl":"pkg:composer/shopware/core@6.6.5%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg
:composer/shopware/core@6.6.5%252B1"}],"aliases":["CVE-2024-42354","GHSA-hhcq-ph6w-494g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfa4-81mz-qqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212310?format=json","vulnerability_id":"VCID-sjfg-863y-c3fp","summary":"Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually","references":[{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be"},{"reference_url":"https://github.com/advisories/GHSA-m895-2hj3-8cg9","reference_id":"GHSA-m895-2hj3-8cg9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m895-2hj3-8cg9"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9","reference_id":"GHSA-m895-2hj3-8cg9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34676?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7"},{"url":"http://public2.vulnerablecode.io/api/packages/873685?format=json","purl":"pkg:composer/shopware/core@6.6.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8xu-y9nr-9uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/34680?format=json","purl":"pkg:composer/shopware/core@6.7.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/873688?format=json","purl":"pkg:composer/shopware/core@6.7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1"}],"aliases":["GHSA-m895-2hj3-8cg9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjfg-863y-c3fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89802?format=json","vulnerability_id":"VCID-sq4j-drbr-fub6","summary":"Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. 
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30151","reference_id":"","reference_type":"","scores":[{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74498","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74495","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74411","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74484","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30151"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30151","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30151"},{"reference_url":"https://github.com/advisories/GHSA-cgfj-hj93-rmh2","reference_id":"GHSA-cgfj-hj93-rmh2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgfj-hj93-rmh2"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2","reference_id":"GHSA-cgfj-hj93-rmh2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:47:17Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376414?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-stdp-p5h7-3kg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.
8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/792816?format=json","purl":"pkg:composer/shopware/core@6.6.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/376234?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/376231?format=json","purl":"pkg:composer/shopware/core@6.7.0%2B0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/792818?format=json","purl":"pkg:composer/shopware/core@6.7.0.0-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-9men-n7d5-63ct"},{"vulne
rability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2"}],"aliases":["CVE-2025-30151","GHSA-cgfj-hj93-rmh2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4j-drbr-fub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90154?format=json","vulnerability_id":"VCID-stdp-p5h7-3kg3","summary":"Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible for an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get a response which clearly indicates that there is no account for this customer. In contrast, you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. 
For the full range of functions, we recommend updating to the latest Shopware version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30150","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70601","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70604","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74708","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74636","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30150"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system
":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30150","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30150"},{"reference_url":"https://github.com/advisories/GHSA-hh7j-6x3q-f52h","reference_id":"GHSA-hh7j-6x3q-f52h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh7j-6x3q-f52h"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h","reference_id":"GHSA-hh7j-6x3q-f52h","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/V
C:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:45:06Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376236?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B18"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/792816?format=json","purl":"pkg:composer/shopware/core@6.6.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/376234?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://publ
ic2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/376231?format=json","purl":"pkg:composer/shopware/core@6.7.0%2B0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/792818?format=json","purl":"pkg:composer/shopware/core@6.7.0.0-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-9men-n7d5-63ct"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2"}],"aliases":["CVE-2025-30150","GHSA-hh7j-6x3q-f52h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stdp-p5h7-3kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117184?format=json","vulnerability_id":"VCID-u41w-g79s-eyez","summary":"Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. 
NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27892","reference_id":"","reference_type":"","scores":[{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79772","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79784","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.7979","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79707","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27892"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.5.8.17"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.3"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","sco
ring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27892","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27892"},{"reference_url":"https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001"},{"reference_url":"https://github.com/advisories/GHSA-8g35-7rmw-7f59","reference_id":"GHSA-8g35-7rmw-7f59","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g35-7rmw-7f59"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59","reference_id":"GHSA-8g35-7rmw-7f59","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59"},{"reference_url":"https://www.redteam-pentest
ing.de/en/advisories/rt-sa-2025-001/","reference_id":"rt-sa-2025-001","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/"}],"url":"https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376236?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B18"},{"url":"http://public2.vulnerablecode.io/api/packages/706583?format=json","purl":"pkg:composer/shopware/core@6.5.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/792816?format=json","purl":"pkg:composer/shopware/core@6.6.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/376234?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B3","is_v
ulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/376231?format=json","purl":"pkg:composer/shopware/core@6.7.0%2B0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/792818?format=json","purl":"pkg:composer/shopware/core@6.7.0.0-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-9men-n7d5-63ct"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2"}],"aliases":["CVE-2025-27892","GHSA-8g35-7rmw-7f59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u41w-g79s-eyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62339?format=json","vulnerability_id":"VCID-ujfm-g8ne-cqhx","summary":"Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. 
For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22406","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62221","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62223","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.6211","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62212","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22406"},{"reference_url":"https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/5005213e609f5a4423fcfa92f105c3de8ab35100","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/500
5213e609f5a4423fcfa92f105c3de8ab35100"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v6.5.7.4","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v6.5.7.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22406","reference_id":"CVE-2024-22406","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22406"},{"reference_url":"https://github.com/advisories/GHSA-qmp9-2xwj-m6m9","reference_id":"GHSA-qmp9-2xwj-m6m9","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmp9-2xwj-m6m9"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9","reference_id":"GHSA-qmp9-2xwj-m6m9","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:55Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28430?format=json","purl":"pkg:composer/shopware/core@6.5.7%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7%252B4"},{"url":"
http://public2.vulnerablecode.io/api/packages/685851?format=json","purl":"pkg:composer/shopware/core@6.5.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7.4"}],"aliases":["CVE-2024-22406","GHSA-qmp9-2xwj-m6m9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujfm-g8ne-cqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341925?format=json","vulnerability_id":"VCID-vgjj-eqzd-t7a1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37708","reference_id":"","reference_type":"","scores":[{"value":"0.07808","scoring_system":"epss","scoring_elements":"0.92166","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07808","scoring_system":"epss","scoring_elements":"0.92193","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07808","scoring_system":"epss","scoring_elements":"0.92198","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37708"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"valu
e":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37708","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37708"},{"reference_url":"https://github.com/advisories/GHSA-xh55-2fqp-p775","reference_id":"GHSA-xh55-2fqp-p775","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh55-2fqp-p775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382817?format=json","purl":"pkg:composer/shopware/core@6.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablec
ode.io/packages/pkg:composer/shopware/core@6.4.3%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/512895?format=json","purl":"pkg:composer/shopware/core@6.6.0.0-rc7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0-rc7"}],"aliases":["CVE-2021-37708","GHSA-xh55-2fqp-p775"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgjj-eqzd-t7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114442?format=json","vulnerability_id":"VCID-ykq7-2fy3-b7e1","summary":"Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. 
The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32378","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63782","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63668","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.6377","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63783","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32378"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32378","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32378"},{"reference_url":"https://github.com/advisories/GHSA-4h9w-7vfp-px8m","reference_id":"GHSA-4h9w-7vfp-px8m","reference_type":"","scores":[{"value"
:"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h9w-7vfp-px8m"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m","reference_id":"GHSA-4h9w-7vfp-px8m","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:32:57Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376414?format=json","purl":"pkg:composer/shopware/core@6.5.8%2B17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-stdp-p5h7-3kg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17"},{"url":"http://public2.vulnerablecode.io/api/packages/793116?format=json","purl":"pkg:composer/shopware/core@6.5.8.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.17"},{"url":"http://public2.vulnerablecode.
io/api/packages/792816?format=json","purl":"pkg:composer/shopware/core@6.6.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/376234?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/376231?format=json","purl":"pkg:composer/shopware/core@6.7.0%2B0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/792818?format=json","purl":"pkg:composer/shopware/core@6.7.0.0-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-4nnv-aqdx-x3gr"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-9men-n7d5-63ct"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2"}],"aliases":["CVE-2025-32378","GHSA-4h9w-7vfp-px8m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykq7-2fy3-b7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerab
ilities/149549?format=json","vulnerability_id":"VCID-z266-zw44-13et","summary":"Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove the log module ACL rights from all users or disable logging.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22733","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5378","published_at":"2026-06-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53909","published_at":"2026-06-14T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53922","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22733"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22733","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.
gov/vuln/detail/CVE-2023-22733"},{"reference_url":"https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07","reference_id":"407a83063d7141c1a626441799c3ebef79498c07","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/"}],"url":"https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07"},{"reference_url":"https://github.com/advisories/GHSA-7cp7-jfp6-jh4f","reference_id":"GHSA-7cp7-jfp6-jh4f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cp7-jfp6-jh4f"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f","reference_id":"GHSA-7cp7-jfp6-jh4f","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f"},{"reference_url":"https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging","reference_id":"performance-tweaks#logging","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/"}],"ur
l":"https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates","reference_id":"security-update-01-2023?category=security-updates","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/"}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/607761?format=json","purl":"pkg:composer/shopware/core@6.4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43zt-wnjy-rudk"},{"vulnerability":"VCID-5b7t-vavj-efae"},{"vulnerability":"VCID-637f-zxjb-8ufn"},{"vulnerability":"VCID-6tys-6s4d-fqcm"},{"vulnerability":"VCID-a8xu-y9nr-9uag"},{"vulnerability":"VCID-d284-ecsh-ebhw"},{"vulnerability":"VCID-dqba-4hk6-eud2"},{"vulnerability":"VCID-g4mm-3wn7-z3dr"},{"vulnerability":"VCID-h4gh-jepq-2ue8"},{"vulnerability":"VCID-nhdh-f91b-kuex"},{"vulnerability":"VCID-nzcj-wu6c-pfgw"},{"vulnerability":"VCID-parp-avvf-v3bu"},{"vulnerability":"VCID-qhgp-qxed-7qbc"},{"vulnerability":"VCID-rfa4-81mz-qqd9"},{"vulnerability":"VCID-s7y9-5z3z-syec"},{"vulnerability":"VCID-sjfg-863y-c3fp"},{"vulnerability":"VCID-sq4j-drbr-fub6"},{"vulnerability":"VCID-stdp-p5h7-3kg3"},{"vulnerability":"VCID-u41w-g79s-eyez"},{"vulnerability":"VCID-ujfm-g8ne-cqhx"},{"vulnerability":"VCID-ykq7-2fy3-b7e1"},{"vulnerability":"VCID-zhxv-e8fu-tucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379920?format=json","purl":"pkg:co
mposer/shopware/core@6.4.18%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1"}],"aliases":["CVE-2023-22733","GHSA-7cp7-jfp6-jh4f"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z266-zw44-13et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71472?format=json","vulnerability_id":"VCID-zhxv-e8fu-tucd","summary":"Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31887","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16072","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1605","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15931","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16084","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31887"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31887","reference_id":"CVE-2026-31887","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4"
,"scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31887"},{"reference_url":"https://github.com/advisories/GHSA-7vvp-j573-5584","reference_id":"GHSA-7vvp-j573-5584","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vvp-j573-5584"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584","reference_id":"GHSA-7vvp-j573-5584","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:07Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40705?format=json","purl":"pkg:composer/shopware/core@6.6.10%2B15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15"},{"url":"http://public2.vulnerablecode.io/api/packages/962818?format=json","purl":"pkg:composer/shopware/core@6.6.10.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/40703?format=json","purl":"pkg:composer/shopware/core@6.7.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1"},{"url":"http://public2.vulnerable
code.io/api/packages/962823?format=json","purl":"pkg:composer/shopware/core@6.7.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1"}],"aliases":["CVE-2026-31887","GHSA-7vvp-j573-5584"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxv-e8fu-tucd"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.3.0.0"}