CVE-2022-21652, GHSA-p523-jrph-qjc6
packagist/shopware/shopware
Insufficient Session Expiration
Shopware is an open source e-commerce software platform.With the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.
All versions starting from 5.7.3 before 5.7.7
Upgrade to version 5.7.7 or above.
2022-01-13
source |