Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.3.5.3

Description: The issue allows sensitive files, such as .env, to be leaked if the project root is configured as the web root instead of /public. This can lead to exposure of sensitive information. It is recommended to always use /public as the web root to prevent such leaks.

Recommendations: For versions prior to 6.3.5.3, update to version 6.3.5.3 to resolve the issue. As a temporary workaround, consider configuring the web root to /public to minimize the risk of exploitation. For older versions of 6.1 and 6.2, a security plugin is available, but updating to the latest Shopware version is recommended for the full range of functions.