shopware/core Security Advisories for 6.4.18.1 (4)
-
[MEDIUM] Shopware Improper Session Handling in store-api account logout
PKSA-s8vz-878v-gv1c CVE-2024-31447 GHSA-5297-wrrp-rcj7
Affected version: >=6.6.0.0-rc1,<6.6.1.0|>=6.3.5.0,<6.5.8.8
Reported by:
GitHub -
[MEDIUM] Broken Access Control order API in Shopware
PKSA-mm7q-gnjj-tttn CVE-2024-22407 GHSA-3867-jc5c-66qf
Affected version: <=6.5.7.3
Reported by:
GitHub -
[CRITICAL] Blind SQL injection in shopware
PKSA-ktmn-6519-qrdp CVE-2024-22406 GHSA-qmp9-2xwj-m6m9
Affected version: <=6.5.7.3
Reported by:
GitHub -
[HIGH] Improper Control of Generation of Code in Twig rendered views
PKSA-kd1k-vbw9-69fx CVE-2023-2017 GHSA-7v2v-9rm4-7m8f
Affected version: <=6.4.20.0
Reported by:
GitHub