{"url":"http://public2.vulnerablecode.io/api/packages/61593?format=json","purl":"pkg:composer/shopware/core@5.0.4","type":"composer","namespace":"shopware","name":"core","version":"5.0.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.6.10.15","latest_non_vulnerable_version":"6.7.8.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43025?format=json","vulnerability_id":"VCID-94q5-7zhe-7yft","summary":"Weak Password Recovery Mechanism for Forgotten Password\nShopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52164","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52125","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52193","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52173","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52143","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892","reference_id":"CVE-2022-24892","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892"},{"reference_url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58708?format=json","purl":"pkg:composer/shopware/core@6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14t2-9jjh-uyhb"},{"vulnerability":"VCID-1nfq-1dnh-x3hj"},{"vulnerability":"VCID-22r5-szkg-cfew"},{"vulnerability":"VCID-2bzu-jddv-q7gy"},{"vulnerability":"VCID-38pe-b8nt-73gm"},{"vulnerability":"VCID-4fkz-vqwt-c3f4"},{"vulnerability":"VCID-4han-wpdy-nfew"},{"vulnerability":"VCID-4m2y-d8vg-b7fj"},{"vulnerability":"VCID-5f2j-cjfz-13a6"},{"vulnerability":"VCID-6ag9-41qf-7kg1"},{"vulnerability":"VCID-7hse-bftv-dudy"},{"vulnerability":"VCID-7ye9-bm6v-qybc"},{"vulnerability":"VCID-8a7v-6u8f-1bgw"},{"vulnerability":"VCID-8uw6-1xqy-xbd3"},{"vulnerability":"VCID-9ksd-2p9q-bkbx"},{"vulnerability":"VCID-a22b-gnbv-skec"},{"vulnerability":"VCID-a9x5-7d88-x3gy"},{"vulnerability":"VCID-avzz-tczy-y7d3"},{"vulnerability":"VCID-brge-9sbd-r3b6"},{"vulnerability":"VCID-bzfr-72q4-vfbh"},{"vulnerability":"VCID-carh-gr9g-vqfs"},{"vulnerability":"VCID-d8zx-6gre-43bf"},{"vulnerability":"VCID-daqf-77y8-dya1"},{"vulnerability":"VCID-ef55-3mp4-7khx"},{"vulnerability":"VCID-fkbu-cs9b-5kdq"},{"vulnerability":"VCID-fwh2-p73c-wkg5"},{"vulnerability":"VCID-gqq9-fu97-yycr"},{"vulnerability":"VCID-guds-2g3f-kqdu"},{"vulnerability":"VCID-hq7q-hbbd-7yea"},{"vulnerability":"VCID-hydh-s4nh-2bct"},{"vulnerability":"VCID-hyjy-jt8a-xqfu"},{"vulnerability":"VCID-hymt-whub-abag"},{"vulnerability":"VCID-k46b-gxuz-vyb7"},{"vulnerability":"VCID-mjqw-k8vw-a3f5"},{"vulnerability":"VCID-mnvh-4mq4-hkeh"},{"vulnerability":"VCID-mtmv-v5sx-eqg7"},{"vulnerability":"VCID-n6pq-9vew-2uhy"},{"vulnerability":"VCID-p1jm-k5y2-h3bp"},{"vulnerability":"VCID-pzgj-ayv2-aygj"},{"vulnerability":"VCID-q5p6-3znn-s3ab"},{"vulnerability":"VCID-qqvx-y8cd-2yhv"},{"vulnerability":"VCID-rxhq-fukk-93ek"},{"vulnerability":"VCID-s9v4-n95f-tqbm"},{"vulnerability":"VCID-sufc-w77t-pufy"},{"vulnerability":"VCID-t2hg-m8tr-7fgf"},{"vulnerability":"VCID-tahr-n29c-v3fw"},{"vulnerability":"VCID-v51t-h468-37ez"},{"vulnerability":"VCID-vajj-mrd3-kkfh"},{"vulnerability":"VCID-w2jq-5a2z-q3cr"},{"vulnerability":"VCID-w85b-b7st-y3bq"},{"vulnerability":"VCID-wqzh-j9n5-eqbn"},{"vulnerability":"VCID-wus7-qmwk-3ygs"},{"vulnerability":"VCID-x5r9-wrf3-myc5"},{"vulnerability":"VCID-y48k-b7wt-6khu"},{"vulnerability":"VCID-zpm7-dc1q-7qf9"},{"vulnerability":"VCID-zrbg-5afh-9ybc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.1.0"}],"aliases":["CVE-2022-24892","GHSA-3qrq-r688-vvh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94q5-7zhe-7yft"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@5.0.4"}