PT-2023-18672 · Shopware · Shopware
Aragon999 +1
Published: 2023-01-17 · Updated: 2023-01-25
CVE-2023-22730
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1
Description: The issue allows users to bypass quantity limits in sales by adding the same line item multiple times to the cart through the API. The cart validators checked each line item individually rather than the combined quantity in the cart, which could be exploited. This problem has been fixed in version 6.4.18.1.
Recommendations: For versions 6.1, 6.2, and 6.3, obtain the fix via a plugin. Update to version 6.4.18.1 or later to resolve the issue. As a temporary workaround, consider disabling the newsletter registration or restricting access to the cart API to minimize the risk of exploitation.

Related Identifiers

CVE-2023-22730
GHSA-8R6H-M72V-38FG

Affected Products

Shopware