Skip to content

Automatically invalidate sessions upon password change

Moderate
mitelg published GHSA-p523-jrph-qjc6 Jan 5, 2022

Package

composer shopware/shopware (Composer)

Affected versions

>=5.7.3 <=5.7.6

Patched versions

5.7.7

Description

Impact

Automatically invalidate sessions upon password change

Patches

We recommend updating to the current version 5.7.7. You can get the update to 5.7.7 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022

Severity

Moderate

CVE ID

CVE-2022-21652

Weaknesses

No CWEs