Amenk

**Name of the Vulnerable Software and Affected Versions** Shopware versions prior to 2.0.16 Shopware versions prior to 3.0.12 Shopware versions prior to 4.0.7 **Description** The `/api/ info/config` API endpoint exposes information about active security fixes. This allows potential attackers to gain insights into the security posture of the Shopware platform. **Recommendations** Update to Shopware version 2.0.16 or later. Update to Shopware version 3.0.12 or later. Update to Shopware version 4.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Shopware versions prior to 7.8.1 Shopware versions prior to 6.10.15 **Description** Shopware is an open commerce platform. The `/api/ info/config` API endpoint exposes information about licenses. This allows for unauthenticated information disclosure. **Recommendations** Update to Shopware version 7.8.1 or later. Update to Shopware version 6.10.15 or later.