223 matches found

Snyk
added 2023/01/26 3:40 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. PoC Run the following script in...

CVSS 7.5, AI score 6.8, EPSS 0.00175
Exploits 1, References 2
Github Security Blog
added 2022/03/10 5:28 p.m., 48 views

Shopware guest session is shared between customers

Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...

CVSS 6.5, AI score 1.7, EPSS 0.00186
Exploits 0, References 4, Affected software 2
OSV
added 2022/03/10 5:28 p.m., 27 views

GHSA-JP6H-MXHX-PGQH Shopware guest session is shared between customers

Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...

CVSS 4.8, AI score 5.6, EPSS 0.00186
Exploits 0, References 4
Veracode
added 2022/03/10 7:34 a.m., 24 views

Session Fixation

shopware/platform is vulnerable to session fixation. Remote unauthenticated attackers are able to gain access to guest sessions because the sessions are shared between customers when HTTP cache is enabled, resulting in inconsistent experiences for guest users...

CVSS 6.5, AI score 3.3, EPSS 0.00186
Exploits 0, References 3, Affected software 2
NVD
added 2022/03/09 11:15 p.m., 9 views

CVE-2022-24745

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 6.5, EPSS 0.00186
Exploits 0, References 1
Prion
added 2022/03/09 11:15 p.m., 8 views

Design/Logic Flaw

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 5.8, AI score 6.4, EPSS 0.00186
Exploits 0, References 1, Affected software 1
Vulnrichment
added 2022/03/09 10:25 p.m., 6 views

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 4.8, AI score 6.4, EPSS 0.00186
Exploits 0, References 1
OSV
added 2022/03/09 10:25 p.m., 13 views

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 4.8, AI score 6.4, EPSS 0.00186
Exploits 0, References 3
CVE
added 2022/03/09 10:25 p.m., 111 views

CVE-2022-24745

CVE-2022-24745 affects Shopware (Shopware platform) when HTTP caching is enabled. The issue allows guest sessions to be shared between customers due to improper handling of HTTP cache headers in affected versions (Varnish setups are not affected). Root cause is related to caching behavior that ex...

CVSS 6.5, AI score 5.6, EPSS 0.00186
Exploits 0, References 1, Affected software 1
Cvelist
added 2022/03/09 10:25 p.m., 17 views

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 4.8, AI score 6.6, EPSS 0.00186
Exploits 0, References 1
OpenVAS
added 2022/01/28 12:00 a.m., 32 views

Mageia: Security Advisory (MGASA-2020-0332)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.2, EPSS 0.03424
Exploits 0, References 5
OpenVAS
added 2022/01/28 12:00 a.m., 17 views

Mageia: Security Advisory (MGASA-2017-0435)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1, AI score 9.3, EPSS 0.01258
Exploits 0, References 5
Kitploit
added 2022/01/19 11:30 a.m., 42 views

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database https://github.com/pypa/advisory-db via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...

CVSS 7.5, AI score 8.3, EPSS 0.00644
Exploits 1, References 5
Tenable Nessus
added 2021/02/22 12:00 a.m., 33 views

EulerOS 2.0 SP2 : squid (EulerOS-SA-2021-1363)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack c...

CVSS 9.9, AI score 6.7, EPSS 0.15653
Exploits 0, References 4
Tenable Nessus
added 2021/02/10 12:00 a.m., 34 views

Squid < 4.12 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x 5.0.3 or prior to 4.12. It is, therefore, affected by multiple vulnerabilities: - Due to an incorrect synchronization, Squid is vulnerable to a denial of service attack when processing objects ...

CVSS 9.9, AI score 8.3, EPSS 0.15653
Exploits 0, References 6
NVD
added 2021/02/08 10:15 p.m., 14 views

CVE-2020-8587

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs...

CVSS 5.5, EPSS 0.0018
Exploits 0, References 1
Hacker One
added 2020/11/03 8:22 p.m., 101 views

Node.js third-party modules: Default behavior of Fastify's versioned routes can be used for cache poisoning when Fastify is used in combination with an HTTP cache / CDN

I would like to report possible cache poisoning in Fastify. It allows an attacker to perform a cache poisoning when Fastify is used in combination with an HTTP cache / CDN. Module module name: Fastify version: 3.x npm page: https://www.npmjs.com/package/fastify Module Description Fast and low...

CVSS 5, AI score 6.4, EPSS 0.00582
Exploits 0
Tenable Nessus
added 2020/09/30 12:00 a.m., 47 views

RHEL 7 : squid (RHSA-2020:4082)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: HTTP...

CVSS 9.9, AI score 7, EPSS 0.46309
Exploits 0, References 16
Mageia
added 2020/08/18 6:47 p.m., 39 views

Updated squid packages fix security vulnerability

Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...

CVSS 7.5, AI score 0.9, EPSS 0.03424
Exploits 0, References 3
OSV
added 2020/08/18 6:47 p.m., 5 views

MGASA-2020-0332 Updated squid packages fix security vulnerability

Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...

CVSS 7.5, AI score 6.8, EPSS 0.03424
Exploits 0, References 4