Insecure direct object reference of log files of the Import/Export feature
Description
Published by the National Vulnerability Database
Aug 16, 2021
Reviewed
Aug 26, 2021
Published to the GitHub Advisory Database
Aug 30, 2021
Last updated
Feb 1, 2023
Impact
Insecure direct object reference of log files of the Import/Export feature
Patches
We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/download/#shopware-6
Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
References