Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq

Moderate
Permalink JSON

Authenticated XML External Entity Processing

Affected Packages Affected Versions Fixed Versions
packagist:shopware/core <= 6.3.2.0 6.3.2.1
216 Dependent packages
298 Dependent repositories
4,226,487 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2, 6.2.3
packagist:shopware/platform <= 6.3.2.0 6.3.2.1
6 Dependent packages
38 Dependent repositories
1,391,913 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

5.3.1, 6.0.0, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.1, 6.2.2, 6.2.3

Impact

Authenticated XML External Entity Processing

Patches

We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020

References:

Identifiers

GHSA-8xv9-qcr9-ww9j

Risk

Severity

Moderate

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/shopware/platform

Date and time

Published

almost 5 years ago

Updated

over 2 years ago

API

JSON