shopware/platform vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the shopware/platform package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Information Exposure Through Caching	>=6.5.8.0, <6.5.8.7
H Incomplete List of Disallowed Inputs	<6.4.20.1
C Arbitrary Code Execution	>=6.1.0, <6.4.18.1
L Insufficient Session Expiration	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
L Information Exposure	>=6.1.0, <6.4.18.1
H Improper Access Control	<6.4.10.1
M Server-side Request Forgery (SSRF)	<6.4.10.1
L Insufficient Session Expiration	<6.4.8.1
L Session Fixation	<6.4.8.2
M Cross-site Scripting (XSS)	<6.4.8.1
M Information Exposure	<6.4.8.2
M Improper Access Control	<6.4.8.2
M Webcache Poisoning	<6.4.6.1
M Cross-site Scripting (XSS)	<6.4.3.1
L Access Restriction Bypass	<6.4.1.1
M Privilege Escalation	<6.4.1.1
M Information Exposure	<6.4.1.1
M Session Fixation	<6.3.5.2
C Information Exposure	<6.3.5.1
M Improper Input Validation	<6.4.1.1
H Access Restriction Bypass	<6.4.1.1
C Information Exposure	<6.3.5.3
C Information Exposure	<6.3.5.3
M Session Fixation	<6.3.5.2
M Remote Code Execution (RCE)	<6.3.5.2
M Information Exposure	<6.3.5.1
L Insecure Defaults	<6.3.5.1
M Privilege Escalation	<6.3.4.1
M Information Exposure	<6.3.4.1
M Server-side Request Forgery (SSRF)	<6.3.4.1
M XML External Entity (XXE) Injection	<6.3.2.1
M Denial of Service (DoS)	<6.3.2.1
M Cross-site Scripting (XSS)	<6.3.1.1
M Arbitrary Code Execution	<6.3.1.1
C Cross-site Scripting (XSS)	<6.2.3
M Server-side Request Forgery (SSRF)	<6.2.3
H Information Exposure	<6.2.3