PT-2022-16850 · Shopware · Shopware

Gabor +2 · Published 2022-03-09 · Updated 2023-06-30 · CVE-2022-24747

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions prior to 6.4.8.2

Description

The issue arises from the improper setting of sensitive HTTP headers, making them cacheable. If an HTTP cache exists between the server and client, these headers may be exposed via HTTP caches. This affects Shopware, an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework.

Recommendations

For versions prior to 6.4.8.2, update to version 6.4.8.2 to resolve the issue. For older versions of 6.1, 6.2, and 6.3, consider installing a corresponding security plugin as a temporary measure, but updating to the latest Shopware version is recommended for the full range of functions.

Exploit

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2022-24747
GHSA-6WRH-279J-6HVW

Affected Products

Shopware