Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api

🗓️ 08 Aug 2024 14:42:58Reported by GitHub Advisory DatabaseType

Shopware store-API vulnerable to Improper Access Contro

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-42354	8 Aug 202418:04	–	circl
CNNVD	Shopware 安全漏洞	8 Aug 202400:00	–	cnnvd
CVE	CVE-2024-42354	8 Aug 202414:44	–	cve
Cvelist	CVE-2024-42354 Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api	8 Aug 202414:44	–	cvelist
EUVD	EUVD-2024-2597	3 Oct 202520:07	–	euvd
NVD	CVE-2024-42354	8 Aug 202415:15	–	nvd
OSV	CVE-2024-42354 Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api	8 Aug 202414:44	–	osv
OSV	GHSA-HHCQ-PH6W-494G Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api	8 Aug 202414:42	–	osv
Positive Technologies	PT-2024-29890 · Shopware · Shopware	8 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-42354	23 May 202507:54	–	redhatcve

Vulners

Node

shopware platformRange6.6.0.0–6.6.5.0composer

shopware coreRange6.6.0.0–6.6.5.0composer

shopware platformRange≤6.5.8.12composer

shopware coreRange≤6.5.8.12composer

Source	Link
github	www.github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
github	www.github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
github	www.github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
github	www.github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
github	www.github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-42354
github	www.github.com/advisories/GHSA-hhcq-ph6w-494g

12 Aug 2024 19:17Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.3 - 5.9

EPSS0.00424

SSVC