shopware/platform is vulnerable to session fixation. Remote unauthenticated attackers are able to gain access to guest sessions because the sessions are shared between customers when HTTP cache is enabled, resulting in inconsistent experiences for guest users.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/platform | le | 6.4.8.1 | |
shopware/storefront | le | 6.4.8.1 | |
shopware/platform | le | 6.4.8.1 | |
shopware/storefront | le | 6.4.8.1 |