shopware/core/.../core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the shopware/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Server-Side Template Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
H Server-Side Template Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
M SQL Injection	<6.5.8.13>=6.6.0.0, <6.6.5.1
M Improper Preservation of Permissions	<6.5.8.13>=6.6.0.0, <6.6.5.1
M Insufficient Session Expiration	>=6.3.5.0, <6.5.8.8>=6.6.0.0, <6.6.1.0
C SQL Injection	<6.5.7.4
M Improper Access Control	<6.5.7.4
H Incomplete List of Disallowed Inputs	<6.4.20.1
C Arbitrary Code Execution	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
M Improper Input Validation	>=6.1.0, <6.4.18.1
L Information Exposure	>=6.1.0, <6.4.18.1
H Improper Access Control	<6.4.10.1
M Server-side Request Forgery (SSRF)	<6.4.10.1
M Cross-site Scripting (XSS)	<6.4.8.1
M Improper Access Control	<6.4.8.2
M Webcache Poisoning	<6.4.6.1
M Server-side Request Forgery (SSRF)	<6.4.3.1
M Improper Input Validation	<6.4.3.1
M Command Injection	<6.4.3.1
L Access Restriction Bypass	<6.4.1.1
M Privilege Escalation	<6.4.1.1
M Information Exposure	<6.4.1.1
M Improper Input Validation	<6.4.1.1
H Access Restriction Bypass	<6.4.1.1
C Information Exposure	<6.3.5.3
C Information Exposure	<6.3.5.3
M Privilege Escalation	<6.3.4.1
M Information Exposure	<6.3.4.1
M Server-side Request Forgery (SSRF)	<6.3.4.1
M XML External Entity (XXE) Injection	<6.3.2.1
M Denial of Service (DoS)	<6.3.2.1
M Cross-site Scripting (XSS)	<6.3.1.1
M Arbitrary Code Execution	<6.3.1.1