CVE-2022-24748
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-24748
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24748.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-24748
- Aliases
- Published
- 2022-03-09T23:15:08Z
- Modified
- 2024-05-14T11:41:48.711917Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.
- References
Affected packages
Git / github.com/shopware/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/shopware/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/shopware/shopware
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v6.*
v6.0.0+dp1
v6.0.0+ea1
v6.0.0+ea1.1
v6.0.0+ea2
v6.1.0
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.2.0
v6.2.0-RC1
v6.2.1
v6.2.2
v6.2.3
v6.3.0.0
v6.3.0.1
v6.3.0.2
v6.3.3.0
v6.3.3.1
v6.3.4.1
v6.3.5.0
v6.4.1.0
v6.4.1.1
v6.4.1.2
v6.4.3.0
v6.4.3.1
v6.4.4.0
v6.4.4.1
v6.4.5.0
v6.4.5.1
v6.4.6.0
v6.4.6.1
v6.4.8.0
v6.4.8.1