PT-2021-19877 · Shopware · Shopware

Phil23 · Published 2021-02-10 · Updated 2026-03-12 · CVE-2021-32711

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions prior to 6.3.5.1

Description

The issue is related to a leak of information via the Store-API. This could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

To resolve the issue, update to the current version 6.3.5.1. This update can be obtained regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. It is recommended to check plugins for usage and update to the latest Shopware version for the full range of functions. As a temporary workaround, consider reviewing and restricting the use of the Store-API until the update is applied.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-32711
GHSA-2P89-5F22-8QVF
GHSA-F2VV-H5X4-57GR

Affected Products

Shopware