GMS-2020-588: Information exposure via query strings in URL
Impact
Information exposure via query strings in URL
Patches
We recommend updating to the current version 6.3.4.1. You can get the update to 6.3.4.1 as usual via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/download/#shopware-6
Workarounds
For older versions of 6.1 and 6.2, the corresponding changes are also available via a plugin:
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
For more information
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-12-2020
Credits
We would like to thank Oliver Herrmann for reporting this issue.