GHSA-7gm7-8q8v-9gf2
GitHub Security Advisory
Server-Side Request Forgery (SSRF) in Shopware
GitHub Reviewed | Severity: HIGH | Has CVE
Advisory Details
### Impact
An attacker can abuse the Admin SDK functionality on the server to read or update internal resources.
### Patches
We recommend updating to the current version 6.4.10.1. The update to 6.4.10.1 is available as usual through the Auto-Updater, or directly from the download overview.
https://www.shopware.com/en/download/#shopware-6
### Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Affected Packages

| Ecosystem | Package | Affected versions |
|-----------|---------|-------------------|
| Packagist | shopware/platform | 0 (fixed in 6.4.10.1) |
| Packagist | shopware/core | 0 (fixed in 6.4.10.1) |
Key Information
7.5/10
Dataset
Last updated: November 26, 2025 6:30 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.