2 matches found
Insufficient Session Expiration
Shopware is vulnerable to Insufficient Session Expiration. The vulnerability is caused due to improper session management within LogoutRoute.php, specifically in the handling of authenticated logout requests to the /store-api/account/logout POST endpoint. This leads to the cart being cleared...
Shopware's session is persistent in Cache for 404 pages
Impact The Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The...