CVE-2024-31447
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Shopware Improper Session Handling in store-api account logout
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | shopware/core | >=6.3.5.0,<6.5.8.8 | 6.5.8.8 |
| Packagist | shopware/platform | >=6.3.5.0,<6.5.8.8 | 6.5.8.8 |
| Packagist | shopware/core | >=6.6.0.0-rc1,<6.6.1.0 | 6.6.1.0 |
| Packagist | shopware/platform | >=6.6.0.0-rc1,<6.6.1.0 | 6.6.1.0 |
References
- https://github.com/shopware/shopware/security/advisories/GHSA-5297-wrrp-rcj7
- https://nvd.nist.gov/vuln/detail/CVE-2024-31447
- https://github.com/shopware/shopware/commit/5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
- https://github.com/shopware/shopware/commit/d29775aa758f70d08e0c5999795c7c26d230e7d3
- https://github.com/shopware/shopware
Verify integrity in audit chain (admin only). AS-IS.