Search for vulnerabilities
| Vulnerability ID | VCID-3p2z-hcws-z3b4 |
| Aliases |
GHSA-3cpp-fv95-mpr5
|
| Summary | Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Server-Side Request Forgery (SSRF) is a vulnerability that enables a malicious actor to manipulate an application server into performing HTTP requests to arbitrary domains. SSRF is commonly exploited to make the server initiate requests to its internal systems or other services within the same network, which are typically not exposed to external users. In some cases, SSRF can also be used to target external systems. A successful SSRF attack can result in unauthorized actions or access to data within the organization, the web application itself, or other backend systems the application communicates with. In worst-case scenario, a SSRF vulnerability can be exploited to execute malicious code on the server. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | LOW | https://github.com/advisories/GHSA-3cpp-fv95-mpr5 |
| cvssv3.1_qr | LOW | https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/shopware/shopware | ||
| https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4 | ||
| GHSA-3cpp-fv95-mpr5 | https://github.com/advisories/GHSA-3cpp-fv95-mpr5 | |
| GHSA-3cpp-fv95-mpr5 | https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:04:29.794772+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/platform/GHSA-3cpp-fv95-mpr5.yml | 38.6.0 |