Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-jp6h-mxhx-pgqh

GitHub Security Advisory

Shopware guest session is shared between customers

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue

## Patches

We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

## Workarounds

### Security Plugin
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

### Disable HTTP Cache

Disabling HTTP Cache is also a valid workaround

Affected Packages

Packagist shopware/platform
Affected versions: 0 (fixed in 6.4.8.2)
Packagist shopware/storefront
Affected versions: 0 (fixed in 6.4.8.2)

Related CVEs

CVE-2022-24745

Key Information

GHSA ID
GHSA-jp6h-mxhx-pgqh
Published
March 10, 2022 5:28 PM
Last Modified
March 24, 2022 12:22 AM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
shopware/platform
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.