GMS-2020-590: RCE in Third Party Library in Shopware

September 23, 2020

Impact

RCE in Third Party Library

Patches

We recommend to update to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin: https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020

References

docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020
github.com/advisories/GHSA-qvc5-cfrr-384v
github.com/shopware/platform/security/advisories/GHSA-qvc5-cfrr-384v

Detect and mitigate GMS-2020-590 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →