Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ytyw-bvr5-rbbt
Vulnerability ID VCID-ytyw-bvr5-rbbt
Aliases GHSA-c7vg-w8q8-c3wf
Summary Duplicate Advisory: Session Fixation ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h9q8-5gv2-v6mg. This link is maintained to preserve external references. ## Original Description Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-384 Session Fixation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c7vg-w8q8-c3wf
cvssv3.1 5.9 https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e
generic_textual MODERATE https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e
cvssv3.1 5.9 https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg
generic_textual MODERATE https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32710
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-32710
Reference id Reference type URL
https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e
CVE-2021-32710 https://nvd.nist.gov/vuln/detail/CVE-2021-32710
GHSA-c7vg-w8q8-c3wf https://github.com/advisories/GHSA-c7vg-w8q8-c3wf
GHSA-h9q8-5gv2-v6mg https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-32710
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-30T20:55:49.617468+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/platform/GHSA-c7vg-w8q8-c3wf.yml 38.6.0