Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/shopware/platform@6.1.0
Typecomposer
Namespaceshopware
Nameplatform
Version6.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.3
Latest_non_vulnerable_version6.2.3
Affected_by_vulnerabilities
0
url VCID-5393-j7pp-tqa2
vulnerability_id VCID-5393-j7pp-tqa2
summary 
Improper Input Validation
Shopware is an open source eCommerce platform. contain a vulnerability that allows manipulation of product reviews via API. contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37707
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44007
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37707
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37707
reference_id CVE-2021-37707
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37707
5
reference_url https://github.com/advisories/GHSA-9f8f-574q-8jmf
reference_id GHSA-9f8f-574q-8jmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f8f-574q-8jmf
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37707, GHSA-9f8f-574q-8jmf
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5393-j7pp-tqa2
1
url VCID-s891-7fx6-k7e8
vulnerability_id VCID-s891-7fx6-k7e8
summary 
Server-Side Request Forgery (SSRF)
Shopware contains an authenticated server-side request forgery vulnerability in file upload via URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37711
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67077
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37711
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37711
reference_id CVE-2021-37711
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37711
5
reference_url https://github.com/advisories/GHSA-gcvv-gq92-x94r
reference_id GHSA-gcvv-gq92-x94r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcvv-gq92-x94r
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37711, GHSA-gcvv-gq92-x94r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s891-7fx6-k7e8
2
url VCID-wdc4-uy1a-ybec
vulnerability_id VCID-wdc4-uy1a-ybec
summary 
Command Injection
Shopware is an open source eCommerce platform. contain a command injection vulnerability in mail agent settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37708
reference_id
reference_type
scores
0
value 0.07808
scoring_system epss
scoring_elements 0.92101
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37708
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37708
reference_id CVE-2021-37708
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37708
5
reference_url https://github.com/advisories/GHSA-xh55-2fqp-p775
reference_id GHSA-xh55-2fqp-p775
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh55-2fqp-p775
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37708, GHSA-xh55-2fqp-p775
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdc4-uy1a-ybec
Fixing_vulnerabilities
0
url VCID-8n77-xfpc-sucm
vulnerability_id VCID-8n77-xfpc-sucm
summary 
Cross-Site Request Forgery (CSRF)
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 is vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24879
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.3314
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24879
1
reference_url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/
url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://www.shopware.com/en/changelog-sw5/#5-7-9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/
url https://www.shopware.com/en/changelog-sw5/#5-7-9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24879
reference_id CVE-2022-24879
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24879
5
reference_url https://github.com/advisories/GHSA-pf38-v6qj-j23h
reference_id GHSA-pf38-v6qj-j23h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf38-v6qj-j23h
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h
reference_id GHSA-pf38-v6qj-j23h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h
fixed_packages
0
url pkg:composer/shopware/platform@6.1.0
purl pkg:composer/shopware/platform@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5393-j7pp-tqa2
1
vulnerability VCID-s891-7fx6-k7e8
2
vulnerability VCID-wdc4-uy1a-ybec
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0
aliases CVE-2022-24879, GHSA-pf38-v6qj-j23h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n77-xfpc-sucm
1
url VCID-961c-853p-xyfv
vulnerability_id VCID-961c-853p-xyfv
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41188
reference_id
reference_type
scores
0
value 0.00512
scoring_system epss
scoring_elements 0.66793
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41188
1
reference_url https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58
4
reference_url https://github.com/shopware/shopware/releases/tag/v5.7.6
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v5.7.6
5
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9
6
reference_url https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41188
reference_id CVE-2021-41188
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41188
8
reference_url https://github.com/advisories/GHSA-4p3x-8qw9-24w9
reference_id GHSA-4p3x-8qw9-24w9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p3x-8qw9-24w9
fixed_packages
0
url pkg:composer/shopware/platform@6.1.0
purl pkg:composer/shopware/platform@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5393-j7pp-tqa2
1
vulnerability VCID-s891-7fx6-k7e8
2
vulnerability VCID-wdc4-uy1a-ybec
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0
aliases CVE-2021-41188, GHSA-4p3x-8qw9-24w9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-961c-853p-xyfv
2
url VCID-cmgu-xukg-cfdz
vulnerability_id VCID-cmgu-xukg-cfdz
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24873
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60845
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24873
1
reference_url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/
url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://www.shopware.com/en/changelog-sw5/#5-7-9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/
url https://www.shopware.com/en/changelog-sw5/#5-7-9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24873
reference_id CVE-2022-24873
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24873
5
reference_url https://github.com/advisories/GHSA-4g29-fccr-p59w
reference_id GHSA-4g29-fccr-p59w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g29-fccr-p59w
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w
reference_id GHSA-4g29-fccr-p59w
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w
fixed_packages
0
url pkg:composer/shopware/platform@6.1.0
purl pkg:composer/shopware/platform@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5393-j7pp-tqa2
1
vulnerability VCID-s891-7fx6-k7e8
2
vulnerability VCID-wdc4-uy1a-ybec
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0
aliases CVE-2022-24873, GHSA-4g29-fccr-p59w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmgu-xukg-cfdz
3
url VCID-mg54-375u-vfhr
vulnerability_id VCID-mg54-375u-vfhr
summary 
Weak Password Recovery Mechanism for Forgotten Password
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24892
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52104
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24892
1
reference_url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/
url https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://www.shopware.com/en/changelog-sw5/#5-7-9
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/
url https://www.shopware.com/en/changelog-sw5/#5-7-9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24892
reference_id CVE-2022-24892
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24892
5
reference_url https://github.com/advisories/GHSA-3qrq-r688-vvh4
reference_id GHSA-3qrq-r688-vvh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qrq-r688-vvh4
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4
reference_id GHSA-3qrq-r688-vvh4
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4
fixed_packages
0
url pkg:composer/shopware/platform@6.1.0
purl pkg:composer/shopware/platform@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5393-j7pp-tqa2
1
vulnerability VCID-s891-7fx6-k7e8
2
vulnerability VCID-wdc4-uy1a-ybec
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0
aliases CVE-2022-24892, GHSA-3qrq-r688-vvh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg54-375u-vfhr
Risk_score0.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0