shopware/storefront Security Advisories for 6.4.1.0-dev (3)
-
[MEDIUM] HTTP caching is marking private HTTP headers as public in Shopware
PKSA-jkxk-vsfj-5htm CVE-2022-24747 GHSA-6wrh-279j-6hvw
Affected version: <=6.4.8.1
Reported by:
GitHub -
[MEDIUM] HTML injection possibility in voucher code form in Shopware
PKSA-8jwr-9m26-8fx2 CVE-2022-24746 GHSA-952p-fqcp-g8pc
Affected version: <=6.4.8.0
Reported by:
GitHub -
[MEDIUM] Shopware guest session is shared between customers
PKSA-yfgt-8j4b-756q CVE-2022-24745 GHSA-jp6h-mxhx-pgqh
Affected version: <=6.4.8.1
Reported by:
GitHub