もっと詳しく

Impact

The CSRF tokens were not renewed after login and logout.
An attacker could impersonate the victim if the attacker is able to use the same device as the victim used beforehand.

Patches

We recommend updating to the current version 5.7.9. You can get the update to 5.7.9 regularly via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/changelog-sw5/#5-7-9

For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022

References