CVE-2022-24745
Last modified
CVE-2022-24745 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Shopware | Shopware | < 6.4.8.2 |
References
- https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqhPatch, Vendor Advisory
- https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqhPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-24745?
How severe is CVE-2022-24745?
How do I fix CVE-2022-24745?
Are you affected by CVE-2022-24745?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST