GMS-2020-596: Denial of Service via Cache Flooding

October 19, 2020 (updated September 21, 2021)

Impact

Denial of Service via Cache Flooding

Patches

We recommend to update to the current version 6.3.2.1. You can get the update to 6.3.2.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2 the corresponding changes are also available via plugin:

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-10-2020

References

github.com/advisories/GHSA-p68v-frgx-4rjp
github.com/shopware/platform/security/advisories/GHSA-p68v-frgx-4rjp

Detect and mitigate GMS-2020-596 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →