CRITICAL✓ PATCH🇬🇧 English

CVE-2021-32711

CVSS 9.1v3.1pub. 2021-06-24upd. 2024-11-21

Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 ### Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 ### For more information https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Shopware

    APP
    Shopware
    < 6.3.5.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-22406CRITICAL9.3PL ✓ten sam produkt

SQL injection w API wyszukiwania Shopware przez pole 'name' agregacji

CVE-2023-22731CRITICAL9.9ten sam produkt

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **wi...

CVE-2016-3109CRITICAL9.8ten sam produkt

The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.

CVE-2026-31887HIGH8.9ten sam produkt

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter typ...

CVE-2026-31889HIGH8.9ten sam produkt

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app reg...