Phil23

**Name of the Vulnerable Software and Affected Versions** Shopware versions prior to 6.3.5.2 **Description** The issue concerns potential session hijacking of store customers. **Recommendations** For versions prior to 6.3.5.2, update to the current version 6.3.5.2 via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, install the corresponding security plugin to apply security measures.

**Name of the Vulnerable Software and Affected Versions** Shopware versions prior to 6.3.5.1 **Description** The issue is related to a leak of information via the Store-API. This could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** To resolve the issue, update to the current version 6.3.5.1. This update can be obtained regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. It is recommended to check plugins for usage and update to the latest Shopware version for the full range of functions. As a temporary workaround, consider reviewing and restricting the use of the Store-API until the update is applied.