{"id":"GHSA-54gp-qff8-946c","summary":"Insecure direct object reference of log files of the Import/Export feature","details":"### Impact\nInsecure direct object reference of log files of the Import/Export feature\n\n### Patches\nWe recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 in the usual way via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n### Workarounds\nFor older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.\n\nhttps://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659","aliases":["CVE-2021-37709"],"modified":"2026-02-04T11:47:22.423179Z","published":"2021-08-30T16:14:19Z","related":["CVE-2021-37709"],"database_specific":{"severity":"MODERATE","nvd_published_at":"2021-08-16T22:15:00Z","cwe_ids":["CWE-532","CWE-639"],"github_reviewed":true,"github_reviewed_at":"2021-08-26T19:36:36Z"},"references":[{"type":"WEB","url":"https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37709"},{"type":"WEB","url":"https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec"},{"type":"PACKAGE","url":"https://github.com/shopware/platform"}],"affected":[{"package":{"name":"shopware/platform","ecosystem":"Packagist","purl":"pkg:composer/shopware/platform"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.4.3.1"}]}],"versions":["6.3.0.0","6.3.0.1","6.3.0.2","6.3.1.0","6.3.1.1","6.3.2.0","6.3.2.1","6.3.3.0","6.3.3.1","6.3.4.0","6.3.4.1","6.3.5.0","6.3.5.1","6.3.5.2","6.3.5.3","6.3.5.4","6.4.0.0","6.4.0.0-RC1","6.4.1.0","6.4.1.1","6.4.1.2","6.4.2.0","6.4.2.1","6.4.3.0","v6.0.0+dp1","v6.1.0","v6.1.0-rc1","v6.1.0-rc2","v6.1.0-rc3","v6.1.0-rc4","v6.1.1","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.
6","v6.2.0","v6.2.0-RC1","v6.2.1","v6.2.2","v6.2.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-54gp-qff8-946c/GHSA-54gp-qff8-946c.json","last_known_affected_version_range":"\u003c= 6.4.3.0"}},{"package":{"name":"shopware/core","ecosystem":"Packagist","purl":"pkg:composer/shopware/core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.4.3.1"}]}],"versions":["6.3.0.0","6.3.0.1","6.3.0.2","6.3.1.0","6.3.1.1","6.3.2.0","6.3.2.1","6.3.3.0","6.3.3.1","6.3.4.0","6.3.4.1","6.3.5.0","6.3.5.1","6.3.5.2","6.3.5.3","6.3.5.4","6.4.0.0","6.4.0.0-RC1","6.4.1.0","6.4.1.1","6.4.1.2","6.4.2.0","6.4.2.1","6.4.3.0","v6.0.0+ea2","v6.1.0","v6.1.0-rc1","v6.1.0-rc2","v6.1.0-rc3","v6.1.0-rc4","v6.1.1","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.2.0","v6.2.0-RC1","v6.2.1","v6.2.2","v6.2.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-54gp-qff8-946c/GHSA-54gp-qff8-946c.json","last_known_affected_version_range":"\u003c= 6.4.3.0"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}