GMS-2020-594: Authenticated XML External Entity Processing

October 19, 2020 (updated October 4, 2021)

Impact

Authenticated XML External Entity Processing

Patches

We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2 the corresponding changes are also available via plugin: https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020

References

github.com/advisories/GHSA-8xv9-qcr9-ww9j
github.com/shopware/platform/security/advisories/GHSA-8xv9-qcr9-ww9j
snyk.io/vuln/SNYK-PHP-SHOPWAREPLATFORM-1019470

Code Behaviors & Features

Detect and mitigate GMS-2020-594 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →