Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4djktM2pqcS1ydnA0

Moderate EPSS: 0.00308% (0.5359 Percentile) EPSS:
Permalink JSON

Exposure of Sensitive Information to an Unauthorized Actor

Affected Packages Affected Versions Fixed Versions
packagist:shopware/platform <= 6.4.1.0 6.4.1.1
6 Dependent packages
38 Dependent repositories
1,418,268 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

5.3.1, v6.0.0+ea2, v6.1.0, v6.1.1, v6.1.2, v6.1.3, v6.1.4, v6.1.5, v6.1.6, v6.2.0, v6.2.1, v6.2.2, v6.2.3, 6.4.10.0, 6.4.10.1, 6.4.11.0, 6.4.11.1, 6.4.12.0, 6.4.13.0, 6.4.14.0, 6.4.15.0, 6.4.15.1, 6.4.15.2, 6.4.16.0, 6.4.16.1, 6.4.17.0, 6.4.17.1, 6.4.17.2, 6.4.18.0, 6.4.18.1, 6.4.19.0, 6.4.20.0, 6.4.20.1, 6.4.20.2, v6.6.10.0, v6.6.10.1, v6.6.10.2, v6.6.10.3, v6.6.10.4, v6.6.10.5, v6.6.10.6

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

References:

Identifiers

GHSA-68v9-3jjq-rvp4

CVE-2021-32716

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00308

EPSS Percentile: 0.5359

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/shopware/platform

Date and time

Published

about 4 years ago

Updated

almost 3 years ago

API

JSON