References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

GitHub, Inc. CWE-524

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done. When Redis is in use for Sessions using the

GitHub, Inc. https://github.com/shopware/shopware/commit/7d9cb03225efca5f97e69b800d8747598dd15ce3 [No types assigned]

GitHub, Inc. https://github.com/shopware/shopware/releases/tag/v6.5.8.7 [No types assigned]

GitHub, Inc. https://github.com/shopware/shopware/security/advisories/GHSA-c2f9-4jmm-v45m [No types assigned]

GitHub, Inc. https://github.com/shopware/storefront/commit/3477e4a425d3c54b4bfae82d703fe3838dc21d3e [No types assigned]