{"url":"http://public2.vulnerablecode.io/api/packages/60552?format=json","purl":"pkg:composer/shopware/core@5.2.0","type":"composer","namespace":"shopware","name":"core","version":"5.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.6.10.15","latest_non_vulnerable_version":"6.7.8.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15631?format=json","vulnerability_id":"VCID-8n77-xfpc-sucm","summary":"Cross-Site Request Forgery (CSRF)\nShopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to a malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24879","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3314","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24879"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{
"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24879","reference_id":"CVE-2022-24879","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24879"},{"reference_url":"https://github.com/advisories/GHSA-pf38-v6qj-j23h","reference_id":"GHSA-pf38-v6qj-j23h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf38-v6qj-j23h"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h","reference_id":"GHSA-pf38-v6qj-j23h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57696?format=json","purl":"pkg:composer/shopware/core@6.1.0","is_vu
lnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ec-4z53-q7hd"},{"vulnerability":"VCID-2e24-h4wg-6fgy"},{"vulnerability":"VCID-31b9-4w7t-n3da"},{"vulnerability":"VCID-39y7-ay38-m7dz"},{"vulnerability":"VCID-3p2z-hcws-z3b4"},{"vulnerability":"VCID-45c8-9fte-y7fm"},{"vulnerability":"VCID-4utq-b4t9-rke4"},{"vulnerability":"VCID-4zqz-zy4a-fkew"},{"vulnerability":"VCID-5393-j7pp-tqa2"},{"vulnerability":"VCID-5bgr-4hjq-p7b3"},{"vulnerability":"VCID-5ghb-b3uc-pyfm"},{"vulnerability":"VCID-5tjh-39gd-g3ar"},{"vulnerability":"VCID-5z7q-3da6-63dr"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6k6u-ayrc-a3ep"},{"vulnerability":"VCID-6v1h-g9hh-5kad"},{"vulnerability":"VCID-6vfe-2cwh-e7cn"},{"vulnerability":"VCID-9hjb-uzn8-ykge"},{"vulnerability":"VCID-9jcq-1fkg-93ep"},{"vulnerability":"VCID-9kmz-t28b-kkdp"},{"vulnerability":"VCID-ar86-d93y-4ydr"},{"vulnerability":"VCID-b9t6-7zka-gfgd"},{"vulnerability":"VCID-bycs-7pf1-gyh8"},{"vulnerability":"VCID-ccch-r91n-8qa8"},{"vulnerability":"VCID-e3k5-qm7p-23g5"},{"vulnerability":"VCID-e4f4-pjy9-7fdx"},{"vulnerability":"VCID-frqw-53vf-7uh3"},{"vulnerability":"VCID-gmq8-qwj4-rue1"},{"vulnerability":"VCID-haw2-8dpg-zkbz"},{"vulnerability":"VCID-hrfq-4q7c-rkg4"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-j9xx-2dhk-9ufs"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-jyjy-zjf1-z7fv"},{"vulnerability":"VCID-k7ef-7dry-bqb9"},{"vulnerability":"VCID-kjrr-mz1q-vkcw"},{"vulnerability":"VCID-kum3-33mh-fuaf"},{"vulnerability":"VCID-pj2t-p678-3yft"},{"vulnerability":"VCID-q2mg-s858-p3c2"},{"vulnerability":"VCID-qczj-f83h-5bbp"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-qp9r-3zvm-pybb"},{"vulnerability":"VCID-s863-ffh6-tfgx"},{"vulnerability":"VCID-s891-7fx6-k7e8"},{"vulnerability":"VCID-tz18-7c2s-u3ex"},{"vulnerability":"VCID-usf8-ekch-v7b4"},{"vulnerability":"VCID-w8xv-dkms-xbc2"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wdc4-uy1a-y
bec"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-ycdn-z1n4-m7ce"},{"vulnerability":"VCID-zckw-v4cj-q7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.1.0"}],"aliases":["CVE-2022-24879","GHSA-pf38-v6qj-j23h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8n77-xfpc-sucm"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@5.2.0"}