shopware/core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the shopware/core package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| M | Insecure Default Initialization of Resource | <6.6.10.3; >=6.7.0.0-rc1, <6.7.0.0-rc2 |
| M | SQL Injection | <6.6.10.3; >=6.7.0.0-rc1, <6.7.0.0-rc2 |
| M | Information Exposure | <6.5.8.17; >=6.6.0.0, <6.6.10.3; >=6.7.0.0-rc1, <6.7.0.0-rc2 |
| M | Access Control Bypass | <6.5.8.17; >=6.6.0.0, <6.6.10.3; >=6.7.0.0-rc1, <6.7.0.0-rc2 |
| H | Improper Input Validation | <6.5.8.17; >=6.6.0.0, <6.6.10.3; >=6.7.0.0-rc1, <6.7.0.0-rc2 |
| H | Server-Side Template Injection | <6.5.8.13; >=6.6.0.0, <6.6.5.1 |
| H | Server-Side Template Injection | <6.5.8.13; >=6.6.0.0, <6.6.5.1 |
| M | SQL Injection | <6.5.8.13; >=6.6.0.0, <6.6.5.1 |
| M | Improper Preservation of Permissions | <6.5.8.13; >=6.6.0.0, <6.6.5.1 |
| M | Insufficient Session Expiration | >=6.3.5.0, <6.5.8.8; >=6.6.0.0, <6.6.1.0 |
| C | SQL Injection | <6.5.7.4 |
| M | Improper Access Control | <6.5.7.4 |
| H | Incomplete List of Disallowed Inputs | <6.4.20.1 |
| C | Arbitrary Code Execution | >=6.1.0, <6.4.18.1 |
| M | Improper Input Validation | >=6.1.0, <6.4.18.1 |
| M | Improper Input Validation | >=6.1.0, <6.4.18.1 |
| L | Information Exposure | >=6.1.0, <6.4.18.1 |
| H | Improper Access Control | <6.4.10.1 |
| M | Server-side Request Forgery (SSRF) | <6.4.10.1 |
| M | Cross-site Scripting (XSS) | <6.4.8.1 |
| M | Improper Access Control | <6.4.8.2 |
| M | Webcache Poisoning | <6.4.6.1 |
| M | Server-side Request Forgery (SSRF) | <6.4.3.1 |
| M | Improper Input Validation | <6.4.3.1 |
| M | Command Injection | <6.4.3.1 |
| L | Access Restriction Bypass | <6.4.1.1 |
| M | Privilege Escalation | <6.4.1.1 |
| M | Information Exposure | <6.4.1.1 |
| M | Improper Input Validation | <6.4.1.1 |
| H | Access Restriction Bypass | <6.4.1.1 |
| C | Information Exposure | <6.3.5.3 |
| C | Information Exposure | <6.3.5.3 |
| M | Privilege Escalation | <6.3.4.1 |
| M | Information Exposure | <6.3.4.1 |
| M | Server-side Request Forgery (SSRF) | <6.3.4.1 |
| M | XML External Entity (XXE) Injection | <6.3.2.1 |
| M | Denial of Service (DoS) | <6.3.2.1 |
| M | Cross-site Scripting (XSS) | <6.3.1.1 |
| M | Arbitrary Code Execution | <6.3.1.1 |