An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq

Moderate

Authenticated XML External Entity Processing

Affected Packages Affected Versions Fixed Versions
packagist:shopware/core <= 6.3.2.0 6.3.2.1
216 Dependent packages
298 Dependent repositories
4,226,487 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2, 6.2.3

packagist:shopware/platform <= 6.3.2.0 6.3.2.1
6 Dependent packages
38 Dependent repositories
1,391,913 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

5.3.1, 6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2, 6.2.3

Impact

Authenticated XML External Entity Processing

Patches

We recommend updating to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2, the corresponding changes are also available via a plugin:
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020
