shopware/core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the shopware/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Removal of Sensitive Information Before Storage or Transfer	<6.6.10.7>=6.7.0.0, <6.7.3.1
H Directory Traversal	<6.6.10.7>=6.7.0.0, <6.7.3.1
M Missing Authorization	<6.6.10.7>=6.7.0.0, <6.7.3.1
M Incorrect Authorization	<6.6.10.7>=6.7.0.0, <6.7.3.1
M Server-side Request Forgery (SSRF)	<6.6.10.7>=6.7.0.0-dev, <6.7.3.1
M Insecure Default Initialization of Resource	<6.6.10.3>=6.7.0.0-rc1, <6.7.0.0-rc2
M SQL Injection	<6.6.10.3>=6.7.0.0-rc1, <6.7.0.0-rc2
M Information Exposure	<6.5.8.17>=6.6.0.0, <6.6.10.3>=6.7.0.0-rc1, <6.7.0.0-rc2
M Access Control Bypass	<6.5.8.17>=6.6.0.0, <6.6.10.3>=6.7.0.0-rc1, <6.7.0.0-rc2
H Improper Input Validation	<6.5.8.17>=6.6.0.0, <6.6.10.3>=6.7.0.0-rc1, <6.7.0.0-rc2
H Server-Side Template Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
H Server-Side Template Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
M SQL Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
M Improper Preservation of Permissions	<6.5.8.13>=6.6.0.0, <6.6.5.1
M Insufficient Session Expiration	>=6.3.5.0, <6.5.8.8>=6.6.0.0, <6.6.1.0
C SQL Injection	<6.5.7.4
M Improper Access Control	<6.5.7.4
H Incomplete List of Disallowed Inputs	<6.4.20.1
C Arbitrary Code Execution	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
L Information Exposure	>=6.1.0, <6.4.18.1
H Improper Access Control	<6.4.10.1
M Server-side Request Forgery (SSRF)	<6.4.10.1
M Cross-site Scripting (XSS)	<6.4.8.1
M Improper Access Control	<6.4.8.2
M Webcache Poisoning	<6.4.6.1
M Server-side Request Forgery (SSRF)	<6.4.3.1
M Improper Input Validation	<6.4.3.1
M Command Injection	<6.4.3.1
L Access Restriction Bypass	<6.4.1.1
M Privilege Escalation	<6.4.1.1
M Information Exposure	<6.4.1.1
M Improper Input Validation	<6.4.1.1
H Access Restriction Bypass	<6.4.1.1
C Information Exposure	<6.3.5.3
C Information Exposure	<6.3.5.3
M Privilege Escalation	<6.3.4.1
M Information Exposure	<6.3.4.1
M Server-side Request Forgery (SSRF)	<6.3.4.1
M XML External Entity (XXE) Injection	<6.3.2.1
M Denial of Service (DoS)	<6.3.2.1
M Cross-site Scripting (XSS)	<6.3.1.1
M Arbitrary Code Execution	<6.3.1.1

Vulnerability

Vulnerable Version

Improper Removal of Sensitive Information Before Storage or Transfer

<6.6.10.7>=6.7.0.0, <6.7.3.1