Not sure about this one but there might be an [PHP object injection](https://www.owasp.org/index.php/PHP_Object_Injection) problem with `unserialize`: https://github.com/heidelpay-sp/ShopwareStandardModul/blob/master/Frontend/HeidelGateway/Bootstrap.php#L4008 Possible solutions see also: https://github.com/kalessil/phpinspectionsea/blob/master/docs/security.md#exploiting-unserialize
Not sure about this one but there might be an PHP object injection problem with
unserialize:https://github.com/heidelpay-sp/ShopwareStandardModul/blob/master/Frontend/HeidelGateway/Bootstrap.php#L4008
Possible solutions see also: https://github.com/kalessil/phpinspectionsea/blob/master/docs/security.md#exploiting-unserialize