[MEDIUM] HTTP caching is marking private HTTP headers as public in Shopware

PKSA-jkxk-vsfj-5htm CVE-2022-24747 GHSA-6wrh-279j-6hvw

Affected version: <=6.4.8.1

Reported by:
GitHub

[MEDIUM] HTML injection possibility in voucher code form in Shopware

PKSA-8jwr-9m26-8fx2 CVE-2022-24746 GHSA-952p-fqcp-g8pc

Affected version: <=6.4.8.0

Reported by:
GitHub

[MEDIUM] Shopware guest session is shared between customers

PKSA-yfgt-8j4b-756q CVE-2022-24745 GHSA-jp6h-mxhx-pgqh

Affected version: <=6.4.8.1

Reported by:
GitHub