6.1.0 #84

Merged
merged 1 commit into from
Jun 19, 2024

@paeddl (Contributor) commented Jun 19, 2024

  • Add Google Pay as new payment method
  • Certificate handling Apple Pay improved

@paeddl paeddl merged commit f2fe33f into SW6.6 Jun 19, 2024
1 check passed
@paeddl paeddl deleted the 6.1.0 branch June 19, 2024 04:12
Checkmarx One – Scan Summary & Details e1f51fdc-084a-4ee7-8cc6-b23295967876

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Client_DOM_Stored_XSS /vendor/unzerdev/php-sdk/examples/Applepay/index.php: [172](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/index.php# L172) Attack Vector
HIGH Client_DOM_Stored_XSS /vendor/unzerdev/php-sdk/examples/Applepay/index.php: [151](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/index.php# L151) Attack Vector
HIGH Stored_XSS /vendor/unzerdev/php-sdk/test/Fixtures/JsonProvider.php: [24](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/test/Fixtures/JsonProvider.php# L24) Attack Vector
MEDIUM Broken_or_Risky_Hashing_Function /src/Components/AddressHashGenerator/AddressHashGenerator.php: [34](https://github.com/unzerdev/shopware6/blob/6.1.0//src/Components/AddressHashGenerator/AddressHashGenerator.php# L34) Attack Vector
MEDIUM Missing_HSTS_Header /vendor/autoload.php: [7](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/autoload.php# L7) Attack Vector
MEDIUM Missing_HSTS_Header /vendor/unzerdev/php-sdk/examples/Googlepay/index.php: [144](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/index.php# L144) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [90](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L90) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: [105](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php# L105) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: [100](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php# L100) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: [80](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php# L80) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: [80](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPal/Controller.php# L80) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Unzer.php: [684](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Unzer.php# L684) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [138](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L138) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [133](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L133) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Unzer.php: [679](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Unzer.php# L679) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Unzer.php: [679](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Unzer.php# L679) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Unzer.php: [679](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Unzer.php# L679) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [133](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L133) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: [80](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPal/Controller.php# L80) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Unzer.php: [679](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Unzer.php# L679) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [133](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L133) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [138](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L138) Attack Vector
MEDIUM Privacy_Violation /vendor/unzerdev/php-sdk/src/Services/PaymentService.php: [138](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/src/Services/PaymentService.php# L138) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: [43](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php# L43) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: [44](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php# L44) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: [39](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php# L39) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: [52](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php# L52) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: [47](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php# L47) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: [46](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php# L46) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: [46](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPal/Controller.php# L46) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: [44](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php# L44) Attack Vector
MEDIUM SSRF /vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php: [41](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php# L41) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Alipay/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Alipay/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php: [24](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php# L24) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: [25](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPal/Controller.php# L25) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/ReturnController.php: [38](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/ReturnController.php# L38) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: [26](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php# L26) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: [27](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php# L27) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: [30](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php# L30) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: [30](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php# L30) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: [28](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php# L28) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: [26](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php# L26) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Klarna/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Card/Controller.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Card/Controller.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Klarna/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Klarna/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php# L29) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: [28](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php# L28) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Card/Controller.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Card/Controller.php# L22) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: [25](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPal/Controller.php# L25) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: [27](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php# L27) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Przelewy24/Controller.php: [24](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Przelewy24/Controller.php# L24) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PostFinanceEfinance/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PostFinanceEfinance/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Giropay/Controller.php: [24](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Giropay/Controller.php# L24) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Prepayment/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Prepayment/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/SepaDirectDebitSecured/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/SepaDirectDebitSecured/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/IDeal/Controller.php: [24](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/IDeal/Controller.php# L24) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PayU/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PayU/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php: [26](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php# L26) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Wechatpay/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Wechatpay/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Sofort/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Sofort/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php# L21) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/Invoice/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Invoice/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php: [23](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php# L23) Attack Vector
MEDIUM Session_Fixation /vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php: [21](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php# L21) Attack Vector
MEDIUM Unpinned Actions Full Length Commit SHA /pre-release.yml: [39](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/pre-release.yml# L39) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /integration-tests.yml: [25](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/integration-tests.yml# L25) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /release.yml: [18](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/release.yml# L18) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /release.yml: [35](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/release.yml# L35) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /unit-tests.yml: [18](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/unit-tests.yml# L18) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /pre-release.yml: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/.github/workflows/pre-release.yml# L22) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Client_Hardcoded_Domain /src/Resources/app/storefront/src/unzer/unzer-payment.google-pay.plugin.js: [127](https://github.com/unzerdev/shopware6/blob/6.1.0//src/Resources/app/storefront/src/unzer/unzer-payment.google-pay.plugin.js# L127) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Googlepay/index.php: [26](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/index.php# L26) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Googlepay/index.php: [20](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/index.php# L20) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Pending.php: [17](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Pending.php# L17) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Pending.php: [15](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Pending.php# L15) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Success.php: [31](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Success.php# L31) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Failure.php: [17](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Failure.php# L17) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Backend/Failure.php: [20](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/Failure.php# L20) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Success.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Success.php# L29) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Backend/Failure.php: [18](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/Failure.php# L18) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Failure.php: [15](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Failure.php# L15) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php: [29](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php# L29) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php: [34](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php# L34) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php: [31](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Backend/ManagePayment.php# L31) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Googlepay/index.php: [25](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Googlepay/index.php# L25) Attack Vector
LOW Client_Hardcoded_Domain /src/Resources/app/storefront/src/unzer/unzer-payment.apple-pay.plugin.js: [74](https://github.com/unzerdev/shopware6/blob/6.1.0//src/Resources/app/storefront/src/unzer/unzer-payment.apple-pay.plugin.js# L74) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/Webhooks/index.php: [52](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/Webhooks/index.php# L52) Attack Vector
LOW Client_Hardcoded_Domain /vendor/unzerdev/php-sdk/examples/InstallmentSecured/index.php: [22](https://github.com/unzerdev/shopware6/blob/6.1.0//vendor/unzerdev/php-sdk/examples/InstallmentSecured/index.php# L22) Attack Vector

More results are available on AST platform
