shopware/shopware vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the shopware/shopware package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Race Condition	>=0.0.0
C Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	<1.0.8>=4.0.0, <5.2.15
C Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	>=4.2.0, <5.2.25
C Injection	<5.2.16
M Deserialization of Untrusted Data	<5.3.4
M XML External Entity (XXE) Injection	<5.3.4
M Information Exposure	>=5.6.0, <5.7.18
M Improper Check for Unusual or Exceptional Conditions	>=5.1.4, <5.7.18
M Cross-site Scripting (XSS)	>=0.0.0
M Information Exposure	>=5.0.0, <5.7.15
M Access Control Bypass	>=5.0.0, <5.7.15
M Cross-site Scripting (XSS)	<5.6.9>=5.7.0, <5.7.14
M Cross-site Scripting (XSS)	>=5.0.0, <5.7.12
M Cross-site Scripting (XSS)	>=5.0.0, <5.7.9
M Weak Password Recovery Mechanism for Forgotten Password	>=5.0.4, <5.7.9
M Cross-site Request Forgery (CSRF)	>=5.2.0, <5.7.9
M Open Redirect	<5.7.7
L Insufficient Session Expiration	<5.7.7
M Cross-site Scripting (XSS)	<5.7.6
M Information Exposure	<5.6.10
M Cross-site Scripting (XSS)	<5.6.10
M Cross-site Scripting (XSS)	>=5.0.0, <5.6.10
M Information Exposure	>=5.0.0, <5.6.10
M Cross-site Scripting (XSS)	<5.6.9
M Cross-site Scripting (XSS)	>=5.2.5, <5.3.1
H Cross-site Scripting (XSS)	<5.5.8
H SQL Injection	>=4.2.0, <5.4.3
M Cross-site Scripting (XSS)	>=5.2.0, <5.3.7
H Arbitrary Code Execution	<5.2.25
H Arbitrary Code Execution	>=4.0.0, <5.2.15
C Arbitrary Code Execution	<4.3.7>=5.0.0, <5.1.5

Vulnerability

Vulnerable Version

>=0.0.0