EUVD-2022-1370

Malicious code in bioql PyPI...

Default credentials

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...

CVE-2022-24744

CVE-2022-24744 – Shopware Affected: Shopware (open commerce platform based on Symfony and Vue) where, in affected versions, user sessions remain active after a password reset via the recovery flow. Root cause (as described in security docs): insufficient session expiration management allowing a u...

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVE-2022-24745

CVE-2022-24745 affects Shopware (Shopware platform) when HTTP caching is enabled. The issue allows guest sessions to be shared between customers due to improper handling of HTTP cache headers in affected versions (Varnish setups are not affected). Root cause is related to caching behavior that ex...