Lookup for vulnerable packages by Package URL.

Purl pkg:composer/shopware/core@6.6.5%2B0
Type composer
Namespace shopware
Name core
Version 6.6.5+0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.6.10.15
Latest_non_vulnerable_version 6.7.8.1
Affected_by_vulnerabilities
0
url VCID-14t2-9jjh-uyhb
vulnerability_id VCID-14t2-9jjh-uyhb
summary
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
The store-API works with regular entities and does not expose all fields to the public API; fields need to be marked as ApiAware in the EntityDefinition, so only ApiAware fields of the EntityDefinition are encoded into the final JSON.

The processing of the Criteria did not consider ManyToMany associations, so they were not handled properly and the protections were not applied.

This issue cannot be reproduced with Shopware's default entities, but can be triggered with extensions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62558
published_at 2026-06-07T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.62557
published_at 2026-06-09T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62543
published_at 2026-06-08T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62567
published_at 2026-06-06T12:55:00Z
4
value 0.00424
scoring_system epss
scoring_elements 0.62559
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
1
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
2
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
3
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
4
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
5
reference_url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
reference_id CVE-2024-42354
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
7
reference_url https://github.com/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhcq-ph6w-494g
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
fixed_packages
0
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5f2j-cjfz-13a6
1
vulnerability VCID-9ksd-2p9q-bkbx
2
vulnerability VCID-avzz-tczy-y7d3
3
vulnerability VCID-fkbu-cs9b-5kdq
4
vulnerability VCID-hydh-s4nh-2bct
5
vulnerability VCID-k46b-gxuz-vyb7
6
vulnerability VCID-mtmv-v5sx-eqg7
7
vulnerability VCID-p1jm-k5y2-h3bp
8
vulnerability VCID-q5p6-3znn-s3ab
9
vulnerability VCID-sufc-w77t-pufy
10
vulnerability VCID-tahr-n29c-v3fw
11
vulnerability VCID-w2jq-5a2z-q3cr
12
vulnerability VCID-zpm7-dc1q-7qf9
13
vulnerability VCID-zrbg-5afh-9ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
1
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42354, GHSA-hhcq-ph6w-494g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14t2-9jjh-uyhb
1
url VCID-8a7v-6u8f-1bgw
vulnerability_id VCID-8a7v-6u8f-1bgw
summary
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
The `context` variable is injected into almost every Twig template and gives access to the current language and currency information. The context object also provides a helper that temporarily switches the scope of the Context while a callable function runs.

Example call from PHP:

```php
$context->scope(Context::SYSTEM_SCOPE, static function (Context $context) use ($mediaService, $media, &$fileBlob): void {
    $fileBlob = $mediaService->loadFile($media->getId(), $context);
});
```

This function can also be called from Twig, and because the second parameter accepts any callable, any statically callable PHP function or method can be called from Twig.

A customer cannot provide any Twig code; the attacker would require access to the Administration to exploit this through Mail templates or App Scripts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62857
published_at 2026-06-08T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.62872
published_at 2026-06-09T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.62882
published_at 2026-06-06T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.62873
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
1
reference_url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
2
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
3
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
4
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
5
reference_url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
reference_id CVE-2024-42356
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
7
reference_url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
fixed_packages
0
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5f2j-cjfz-13a6
1
vulnerability VCID-9ksd-2p9q-bkbx
2
vulnerability VCID-avzz-tczy-y7d3
3
vulnerability VCID-fkbu-cs9b-5kdq
4
vulnerability VCID-hydh-s4nh-2bct
5
vulnerability VCID-k46b-gxuz-vyb7
6
vulnerability VCID-mtmv-v5sx-eqg7
7
vulnerability VCID-p1jm-k5y2-h3bp
8
vulnerability VCID-q5p6-3znn-s3ab
9
vulnerability VCID-sufc-w77t-pufy
10
vulnerability VCID-tahr-n29c-v3fw
11
vulnerability VCID-w2jq-5a2z-q3cr
12
vulnerability VCID-zpm7-dc1q-7qf9
13
vulnerability VCID-zrbg-5afh-9ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
1
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42356, GHSA-35jp-8cgg-p4wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8a7v-6u8f-1bgw
2
url VCID-hq7q-hbbd-7yea
vulnerability_id VCID-hq7q-hbbd-7yea
summary
Shopware vulnerable to blind SQL-injection in DAL aggregations
The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using SQL parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74739
published_at 2026-06-05T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.74742
published_at 2026-06-09T12:55:00Z
2
value 0.00817
scoring_system epss
scoring_elements 0.74716
published_at 2026-06-08T12:55:00Z
3
value 0.00817
scoring_system epss
scoring_elements 0.74732
published_at 2026-06-07T12:55:00Z
4
value 0.00817
scoring_system epss
scoring_elements 0.74744
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
1
reference_url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
2
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
3
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
4
reference_url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
5
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
reference_id CVE-2024-42357
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
7
reference_url https://github.com/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6w9-r443-r752
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
fixed_packages
0
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5f2j-cjfz-13a6
1
vulnerability VCID-9ksd-2p9q-bkbx
2
vulnerability VCID-avzz-tczy-y7d3
3
vulnerability VCID-fkbu-cs9b-5kdq
4
vulnerability VCID-hydh-s4nh-2bct
5
vulnerability VCID-k46b-gxuz-vyb7
6
vulnerability VCID-mtmv-v5sx-eqg7
7
vulnerability VCID-p1jm-k5y2-h3bp
8
vulnerability VCID-q5p6-3znn-s3ab
9
vulnerability VCID-sufc-w77t-pufy
10
vulnerability VCID-tahr-n29c-v3fw
11
vulnerability VCID-w2jq-5a2z-q3cr
12
vulnerability VCID-zpm7-dc1q-7qf9
13
vulnerability VCID-zrbg-5afh-9ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
1
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42357, GHSA-p6w9-r443-r752
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq7q-hbbd-7yea
3
url VCID-rxhq-fukk-93ek
vulnerability_id VCID-rxhq-fukk-93ek
summary
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Shopware has a new Twig tag, `sw_silent_feature_call`, which silences deprecation messages triggered inside this tag.
It accepts as its parameter a string, the name of the feature flag to silence, but this parameter is not escaped properly and allows execution of code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
reference_id
reference_type
scores
0
value 0.01052
scoring_system epss
scoring_elements 0.77937
published_at 2026-06-09T12:55:00Z
1
value 0.01052
scoring_system epss
scoring_elements 0.77918
published_at 2026-06-08T12:55:00Z
2
value 0.01052
scoring_system epss
scoring_elements 0.77929
published_at 2026-06-07T12:55:00Z
3
value 0.01052
scoring_system epss
scoring_elements 0.77938
published_at 2026-06-06T12:55:00Z
4
value 0.01052
scoring_system epss
scoring_elements 0.77932
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
1
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
2
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
3
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
4
reference_url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
5
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
reference_id CVE-2024-42355
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
7
reference_url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
fixed_packages
0
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5f2j-cjfz-13a6
1
vulnerability VCID-9ksd-2p9q-bkbx
2
vulnerability VCID-avzz-tczy-y7d3
3
vulnerability VCID-fkbu-cs9b-5kdq
4
vulnerability VCID-hydh-s4nh-2bct
5
vulnerability VCID-k46b-gxuz-vyb7
6
vulnerability VCID-mtmv-v5sx-eqg7
7
vulnerability VCID-p1jm-k5y2-h3bp
8
vulnerability VCID-q5p6-3znn-s3ab
9
vulnerability VCID-sufc-w77t-pufy
10
vulnerability VCID-tahr-n29c-v3fw
11
vulnerability VCID-w2jq-5a2z-q3cr
12
vulnerability VCID-zpm7-dc1q-7qf9
13
vulnerability VCID-zrbg-5afh-9ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
1
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42355, GHSA-27wp-jvhw-v4xp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxhq-fukk-93ek
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B0