CVE-2024-27917
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Shopware's session is persistent in Cache for 404 pages
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | shopware/storefront | >=6.5.8.0,<6.5.8.7 | 6.5.8.7 |
| Packagist | shopware/platform | >=6.5.8.0,<6.5.8.7 | 6.5.8.7 |
References
- https://github.com/shopware/shopware/security/advisories/GHSA-c2f9-4jmm-v45m
- https://github.com/shopware/shopware/commit/7d9cb03225efca5f97e69b800d8747598dd15ce3
- https://github.com/shopware/storefront/commit/3477e4a425d3c54b4bfae82d703fe3838dc21d3e
- https://github.com/shopware/shopware
- https://github.com/shopware/shopware/releases/tag/v6.5.8.7