GHSA-cgfj-hj93-rmh2

Source

https://github.com/advisories/GHSA-cgfj-hj93-rmh2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cgfj-hj93-rmh2

Aliases

CVE-2025-30151

Published

2025-04-08T14:51:17Z

Modified

2025-04-08T18:13:12.572093Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Shopware allows Denial Of Service via password length

Details

Impact

It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API.

Patches

Update to Shopware 6.6.10.3 or 6.5.8.17

Workarounds

For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2025-04-08T14:15:34Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed_at": "2025-04-08T14:51:17Z",
    "severity": "HIGH"
}

References

Affected packages

Packagist

shopware/core

Package

Name: shopware/core
Purl: pkg:composer/shopware/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0.0

Fixed

6.6.10.3

Affected versions

v6.*

v6.6.0.0

v6.6.0.1

v6.6.0.2

v6.6.0.3

v6.6.1.0

v6.6.1.1

v6.6.1.2

v6.6.2.0

v6.6.3.0

v6.6.3.1

v6.6.4.0

v6.6.4.1

v6.6.5.0

v6.6.5.1

v6.6.6.0

v6.6.6.1

v6.6.7.0

v6.6.7.1

v6.6.8.0

v6.6.8.1

v6.6.8.2

v6.6.9.0

v6.6.10.0

v6.6.10.1

v6.6.10.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"

shopware/platform

Package

Name: shopware/platform
Purl: pkg:composer/shopware/platform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0.0

Fixed

6.6.10.3

Affected versions

v6.*

v6.6.0.0

v6.6.0.1

v6.6.0.2

v6.6.0.3

v6.6.1.0

v6.6.1.1

v6.6.1.2

v6.6.2.0

v6.6.3.0

v6.6.3.1

v6.6.4.0

v6.6.4.1

v6.6.5.0

v6.6.5.1

v6.6.6.0

v6.6.6.1

v6.6.7.0

v6.6.7.1

v6.6.8.0

v6.6.8.1

v6.6.8.2

v6.6.9.0

v6.6.10.0

v6.6.10.1

v6.6.10.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"

shopware/core

Package

Name: shopware/core
Purl: pkg:composer/shopware/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.7.0.0-rc1

Fixed

6.7.0.0-rc2

Affected versions

v6.*

v6.7.0.0-rc1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"

shopware/platform

Package

Name: shopware/platform
Purl: pkg:composer/shopware/platform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.7.0.0-rc1

Fixed

6.7.0.0-rc2

Affected versions

v6.*

v6.7.0.0-rc1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"

shopware/core

Package

Name: shopware/core
Purl: pkg:composer/shopware/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.8.17

Affected versions

v6.*

v6.0.0+ea2

v6.1.0-rc1

v6.1.0-rc2

v6.1.0-rc3

v6.1.0-rc4

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.2.0-RC1

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.5.1.0

v6.5.1.1

v6.5.2.0

v6.5.2.1

v6.5.3.0

v6.5.3.1

v6.5.3.2

v6.5.3.3

v6.5.4.0

v6.5.4.1

v6.5.5.0

v6.5.5.1

v6.5.5.2

v6.5.6.0

v6.5.6.1

v6.5.7.0

v6.5.7.1

v6.5.7.2

v6.5.7.3

v6.5.7.4

v6.5.8.0

v6.5.8.1

v6.5.8.2

v6.5.8.3

v6.5.8.4

v6.5.8.5

v6.5.8.6

v6.5.8.7

v6.5.8.8

v6.5.8.9

v6.5.8.10

v6.5.8.11

v6.5.8.12

v6.5.8.13

v6.5.8.14

v6.5.8.15

v6.5.8.16

6.*

6.3.0.0

6.3.0.1

6.3.0.2

6.3.1.0

6.3.1.1

6.3.2.0

6.3.2.1

6.3.3.0

6.3.3.1

6.3.4.0

6.3.4.1

6.3.5.0

6.3.5.1

6.3.5.2

6.3.5.3

6.3.5.4

6.4.0.0-RC1

6.4.0.0

6.4.1.0

6.4.1.1

6.4.1.2

6.4.2.0

6.4.2.1

6.4.3.0

6.4.3.1

6.4.4.0

6.4.4.1

6.4.5.0

6.4.5.1

6.4.6.0

6.4.6.1

6.4.7.0

6.4.8.0

6.4.8.1

6.4.8.2

6.4.9.0

6.4.10.0

6.4.10.1

6.4.11.0

6.4.11.1

6.4.12.0

6.4.13.0

6.4.14.0

6.4.15.0

6.4.15.1

6.4.15.2

6.4.16.0

6.4.16.1

6.4.17.0

6.4.17.1

6.4.17.2

6.4.18.0

6.4.18.1

6.4.19.0

6.4.20.0

6.4.20.1

6.4.20.2

6.5.0.0-rc1

6.5.0.0-rc2

6.5.0.0-rc3

6.5.0.0-rc4

6.5.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"

shopware/platform

Package

Name: shopware/platform
Purl: pkg:composer/shopware/platform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.8.17

Affected versions

v6.*

v6.0.0+ea2

v6.1.0-rc1

v6.1.0-rc2

v6.1.0-rc3

v6.1.0-rc4

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.2.0-RC1

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.5.1.0

v6.5.1.1

v6.5.2.0

v6.5.2.1

v6.5.3.0

v6.5.3.1

v6.5.3.2

v6.5.3.3

v6.5.4.0

v6.5.4.1

v6.5.5.0

v6.5.5.1

v6.5.5.2

v6.5.6.0

v6.5.6.1

v6.5.7.0

v6.5.7.1

v6.5.7.2

v6.5.7.3

v6.5.7.4

v6.5.8.0

v6.5.8.1

v6.5.8.2

v6.5.8.3

v6.5.8.4

v6.5.8.5

v6.5.8.6

v6.5.8.7

v6.5.8.8

v6.5.8.9

v6.5.8.10

v6.5.8.11

v6.5.8.12

v6.5.8.13

v6.5.8.14

v6.5.8.15

v6.5.8.16

6.*

6.3.0.0

6.3.0.1

6.3.0.2

6.3.1.0

6.3.1.1

6.3.2.0

6.3.2.1

6.3.3.0

6.3.3.1

6.3.4.0

6.3.4.1

6.3.5.0

6.3.5.1

6.3.5.2

6.3.5.3

6.3.5.4

6.4.0.0-RC1

6.4.0.0

6.4.1.0

6.4.1.1

6.4.1.2

6.4.2.0

6.4.2.1

6.4.3.0

6.4.3.1

6.4.4.0

6.4.4.1

6.4.5.0

6.4.5.1

6.4.6.0

6.4.6.1

6.4.7.0

6.4.8.0

6.4.8.1

6.4.8.2

6.4.9.0

6.4.10.0

6.4.10.1

6.4.11.0

6.4.11.1

6.4.12.0

6.4.13.0

6.4.14.0

6.4.15.0

6.4.15.1

6.4.15.2

6.4.16.0

6.4.16.1

6.4.17.0

6.4.17.1

6.4.17.2

6.4.18.0

6.4.18.1

6.4.19.0

6.4.20.0

6.4.20.1

6.4.20.2

6.5.0.0-rc1

6.5.0.0-rc2

6.5.0.0-rc3

6.5.0.0-rc4

6.5.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-cgfj-hj93-rmh2/GHSA-cgfj-hj93-rmh2.json"