Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq

Authenticated XML External Entity Processing

Impact

Authenticated XML External Entity Processing

Patches

We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2 the corresponding changes are also available via plugin: https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020

Permalink: https://github.com/advisories/GHSA-8xv9-qcr9-ww9j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: 9 months ago


CVSS Score: 5.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-8xv9-qcr9-ww9j
References:

Affected Packages

packagist:shopware/core
Versions: <= 6.3.2.0
Fixed in: 6.3.2.1
packagist:shopware/platform
Versions: <= 6.3.2.0
Fixed in: 6.3.2.1