GHSA-QG7C-Q3VQ-RGXR Leak of information via Store-API aggregations in shopware/platform and shopware/core
Impact: Leak of information via Store-API. Patches: We recommend updating to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For older versions of 6.1 and...
GHSA-F2VV-H5X4-57GR Leak of information via Store-API
Impact: Leak of information via Store-API. Patches: We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 The vulnerability could only be fixed by...
PT-2021-19877
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.3.5.1. Description: The issue is related to a leak of information via the Store-API. This could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-A...
CVE-2019-15569
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java...
CVE-2019-15569
Summary (CVE-2019-15569): HM Courts & Tribunals CCD data-store-api prior to 2019-06-10 is vulnerable to SQL injection, as reported in multiple sources. The issue affects the data-store API’s query handling, specifically related to SearchQueryFactoryOperation.java and SortDirection.java, allowing ...
JKS Private Key Cracker - Cracking passwords of private key entries in a JKS file
The Java Key Store (JKS) is the Java way of storing one or several cryptographic private and public keys for asymmetric cryptography in a file. While there are various key store formats, Java and Android still default to the JKS file format. JKS is one of the file formats for Java key stores, but J...