shopware/core Security Advisories for 6.4.0.0-RC1 (22)
Improper Control of Generation of Code in Twig rendered views
Affected version: <=6.4.20.0
Reported by: GitHub

Shopware has Improper Input Validation issue in newsletter subscription
Affected version: <=6.4.18.0
Reported by: GitHub

Shopware has Insufficient Session Expiration in Administration
Affected version: <=6.4.18.0
Reported by: GitHub

Shopware's log module vulnerable to Improper Output Neutralization
Affected version: <=6.4.18.0
Reported by: GitHub

Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Affected version: <=6.4.18.0
Reported by: GitHub

Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Affected version: <=6.4.18.0
Reported by: GitHub

Reported by: GitHub

Reported by: GitHub

HTTP caching is marking private HTTP headers as public in Shopware
Affected version: <=6.4.8.1
Reported by: GitHub

HTML injection possibility in voucher code form in Shopware
Affected version: <=6.4.8.0
Reported by: GitHub

Shopware user session is not logged out if the password is reset via password recovery
Affected version: <=6.4.8.0
Reported by: GitHub

Webcache Poisoning in shopware/platform and shopware/core
Affected version: <=6.4.6.0
Reported by: GitHub

Insecure direct object reference of log files of the Import/Export feature
Affected version: <=6.4.3.0
Reported by: GitHub

Reported by: GitHub

Reported by: GitHub

Reported by: GitHub

Authenticated server-side request forgery in file upload via URL
Affected version: <=6.4.3.0
Reported by: GitHub

Non-admin users can create integration role with administrator role
Affected version: <=6.4.1.0
Reported by: GitHub

Internal hidden fields are visible on to-many associations in admin API
Affected version: <=6.4.1.0
Reported by: GitHub

Private files publicly accessible with Cloud Storage providers
Affected version: <=6.4.1.0
Reported by: GitHub

Creation of order credits was not validated by ACL in admin orders
Affected version: <=6.4.1.0
Reported by: GitHub

Canceling of orders not related to the logged-in user
Affected version: <=6.4.1.0
Reported by: GitHub