Security Advisories - shopware/shopware - Packagist

shopware/shopware Security Advisories for v5.7.14 (5)

[MEDIUM] Shopware improper mail validation vulnerability

PKSA-d7p2-r2dc-fk8q CVE-2023-34099 GHSA-gh66-fp7j-98v5

Affected version: >=5.1.4,<=5.7.17

Reported by:
GitHub
[MEDIUM] Shopware dependency configuration exposed

PKSA-w5gn-7nnv-hgff CVE-2023-34098 GHSA-q97c-2mh3-pgw9

Affected version: >=5.6.0,<=5.7.17

Reported by:
GitHub
[MEDIUM] Shopware contains sensitive data in backend customer module

PKSA-81h5-g5kv-7ncc CVE-2022-36101 GHSA-6vfq-jmxg-g58r

Affected version: <=5.7.14

Reported by:
GitHub
[MEDIUM] Shopware access control list bypassed via crafted specific URLs

PKSA-znm8-j44y-tzqy CVE-2022-36102 GHSA-qc43-pgwq-3q2q

Affected version: <=5.7.14

Reported by:
GitHub
[HIGH] Shopware database password is leaked to an unauthenticated users

PKSA-9ghf-ccy2-rddt CVE-2020-13997 GHSA-r4ph-mx67-x58p

Affected version: <6.2.3

Reported by:
GitHub