Exposure of Sensitive Information to an Unauthorized Actor
Shopware is an open source eCommerce platform. In versions prior to 220.127.116.11 the admin api has exposed some internal hidden fields when an association has been loaded with a 'to many' reference. Users are recommend to update to version 18.104.22.168. You can get the update to 22.214.171.124 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.