{"id":"GHSA-68v9-3jjq-rvp4","summary":"Exposure of Sensitive Information to an Unauthorized Actor","details":"Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the Admin API exposed some internal hidden fields when an association was loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.","aliases":["CVE-2021-32716"],"modified":"2026-03-13T22:11:10.991853Z","published":"2021-09-08T18:00:40Z","database_specific":{"severity":"MODERATE","github_reviewed":true,"cwe_ids":["CWE-200","CWE-863"],"nvd_published_at":"2021-06-24T21:15:00Z","github_reviewed_at":"2021-06-25T15:30:08Z"},"references":[{"type":"WEB","url":"https://github.com/shopware/platform/security/advisories/GHSA-gpmh-g94g-qrhr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32716"},{"type":"WEB","url":"https://github.com/shopware/platform/commit/b5c3ce3e93bd121324d72aa9d367cb636ff1c0eb"},{"type":"WEB","url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021"}],"affected":[{"package":{"name":"shopware/platform","ecosystem":"Packagist","purl":"pkg:composer/shopware/platform"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.4.1.1"}]}],"versions":["6.3.0.0","6.3.0.1","6.3.0.2","6.3.1.0","6.3.1.1","6.3.2.0","6.3.2.1","6.3.3.0","6.3.3.1","6.3.4.0","6.3.4.1","6.3.5.0","6.3.5.1","6.3.5.2","6.3.5.3","6.3.5.4","6.4.0.0","6.4.0.0-RC1","6.4.1.0","v6.0.0+dp1","v6.1.0","v6.1.0-rc1","v6.1.0-rc2","v6.1.0-rc3","v6.1.0-rc4","v6.1.1","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.2.0","v6.2.0-RC1","v6.2.1","v6.2.2","v6.2.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-68v9-3jjq-rvp4/GHSA-68v9-3jjq-rvp4.json","last_known_affected_version_range":"\u003c= 6.4.1.0"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}