CVE-2021-32716: Information Exposure

June 24, 2021 (updated October 25, 2022)

The admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to You can get the update to regularly via the Auto-Updater or directly via the download overview.

References

docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021
nvd.nist.gov/vuln/detail/CVE-2021-32716

Detect and mitigate CVE-2021-32716 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →