{"url":"http://public2.vulnerablecode.io/api/packages/60544?format=json","purl":"pkg:composer/shopware/platform@5.0.4","type":"composer","namespace":"shopware","name":"platform","version":"5.0.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15630?format=json","vulnerability_id":"VCID-mg54-375u-vfhr","summary":"Weak Password Recovery Mechanism for Forgotten Password\nShopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victim's email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52104","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements
":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892","reference_id":"CVE-2022-24892","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892"},{"reference_url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/p
ackages/57699?format=json","purl":"pkg:composer/shopware/platform@6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2e24-h4wg-6fgy"},{"vulnerability":"VCID-39t8-qfg3-5ud9"},{"vulnerability":"VCID-39y7-ay38-m7dz"},{"vulnerability":"VCID-4utq-b4t9-rke4"},{"vulnerability":"VCID-4zqz-zy4a-fkew"},{"vulnerability":"VCID-5393-j7pp-tqa2"},{"vulnerability":"VCID-5bgr-4hjq-p7b3"},{"vulnerability":"VCID-5ghb-b3uc-pyfm"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6k6u-ayrc-a3ep"},{"vulnerability":"VCID-9hjb-uzn8-ykge"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-ar86-d93y-4ydr"},{"vulnerability":"VCID-e4f4-pjy9-7fdx"},{"vulnerability":"VCID-etyg-tj8j-1bgd"},{"vulnerability":"VCID-hrfq-4q7c-rkg4"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-k7ef-7dry-bqb9"},{"vulnerability":"VCID-kum3-33mh-fuaf"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-qp9r-3zvm-pybb"},{"vulnerability":"VCID-rngr-nse9-vfae"},{"vulnerability":"VCID-s891-7fx6-k7e8"},{"vulnerability":"VCID-tz18-7c2s-u3ex"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wdc4-uy1a-ybec"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-ytyw-bvr5-rbbt"},{"vulnerability":"VCID-zckw-v4cj-q7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.1.0"}],"aliases":["CVE-2022-24892","GHSA-3qrq-r688-vvh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg54-375u-vfhr"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@5.0.4"}