Server-side Request Forgery (SSRF) Affecting shopware/core package, versions <6.3.4.1


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PHP-SHOPWARECORE-1053427
  • published22 Dec 2020
  • disclosed21 Dec 2020
  • creditREQON B.V.

Introduced: 21 Dec 2020

CVE NOT AVAILABLE CWE-918  (opens in a new tab)

How to fix?

Upgrade shopware/core to version 6.3.4.1 or higher.

Overview

shopware/core is a Shopware platform is the core for all Shopware ecommerce products.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). No further details were provided.

CVSS Scores

version 3.1