shopware/storefront

Packagist4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting shopware/storefrontpage 1 of 1

CVE-2022-24745MEDIUMCVSS 4.8EG 4.8✓ Fixed in 6.4.8.2
2022-03-09
vulnerable: 6.3.0.0 ... v6.2.3 (51 versions)
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experienc…
CVE-2022-24746MEDIUMCVSS 6.1EG 6.1✓ Fixed in 6.4.8.1
2022-03-09
vulnerable: 6.3.0.0 ... v6.2.3 (50 versions)
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There …
CVE-2022-24747MEDIUMCVSS 6.3EG 6.3✓ Fixed in 6.4.8.2
2022-03-09
vulnerable: 6.3.0.0 ... v6.2.3 (51 versions)
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the s…
CVE-2024-27917HIGHCVSS 7.5EG 7.5✓ Fixed in 6.5.8.7
2024-03-06
vulnerable: v6.5.8.0 ... v6.5.8.6 (7 versions)
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 40…

Check whether shopware/storefront is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for shopware/storefront CVEs against the assets you own.

Start Free Scan →