{ "schema_version": "1.4.0", "id": "GHSA-qg7c-q3vq-rgxr", "modified": "2021-04-12T22:32:54Z", "published": "2021-04-13T15:13:26Z", "aliases": [], "summary": "Leak of information via Store-API aggregations in shopware/platform and shopware/core", "details": "### Impact\n\nLeak of information via Store-API\n\n### Patches\nWe recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659\n\n### For more information\nhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021", "severity": [], "affected": [ { "package": { "ecosystem": "Packagist", "name": "shopware/core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.3.5.3" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 6.3.5.2" } }, { "package": { "ecosystem": "Packagist", "name": "shopware/platform" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.3.5.3" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 6.3.5.2" } } ], "references": [ { "type": "WEB", "url": "https://github.com/shopware/platform/security/advisories/GHSA-qg7c-q3vq-rgxr" } ], "database_specific": { "cwe_ids": [ "CWE-668" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-04-12T22:32:54Z", "nvd_published_at": null } }