Low severityNVD Advisory· Published Mar 9, 2022· Updated Apr 23, 2025
Insufficient Session Expiration in shopware
CVE-2022-24744
Description
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopware/platformPackagist | < 6.4.8.1 | 6.4.8.1 |
shopware/corePackagist | < 6.4.8.1 | 6.4.8.1 |
Affected products
3- ghsa-coords2 versions
< 6.4.8.1+ 1 more
- (no CPE)range: < 6.4.8.1
- (no CPE)range: < 6.4.8.1
- shopware/platformv5Range: < 6.4.8.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w267-m9c4-8555ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24744ghsaADVISORY
- docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022ghsaWEB
- github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64ghsaWEB
- github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6ghsaWEB
- github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.