CVE-2024-42354
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-42354 is a vulnerability affecting the Shopware open commerce platform. Before versions 6.6.5.1 and 6.5.8.13, the platform's store-API did not properly handle ManyToMany associations in Criteria, exposing these fields to the public API. As a result, the associated protections were not applied, leading to potential security risks. This issue does not affect the default entities in Shopware but can be triggered by extensions. To mitigate this vulnerability, users are advised to update to Shopware 6.6.5.1 or 6.5.8.13. For older versions of 6.2, 6.3, and 6.4, corresponding security measures can be implemented via a plugin.