From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Vulnerability Name: Improper Access Control with ManyToMany associations in store-api
   - Severity Level: Moderate (5.3/10)
   - Impact: The store-API works with regular entities and does not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. Thus, only ApiAware fields of the EntityDefinition will be encoded into the final JSON.
   - Cause: The processing of the Criteria did not account for ManyToMany associations, so they were not handled properly and the associated protections were not applied.
2. Affected Versions:
   - shopware/core (Composer):
     - = 6.6.0.0 = 6.6.0.0 <= 6.6.5.0
3. Fix:
   - Upgrade to Shopware 6.6.5.1 or 6.5.8.13
4. Workaround:
   - For older versions 6.2, 6.3, and 6.4, corresponding security measures can be obtained via plugins. It is recommended to upgrade to the latest Shopware version for full functionality.
5. Vulnerability ID:
   - CVE-2024-42354
6. Classification:
   - CWE-284
7. Reporter:
   - JoshuaBehrens
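
The gap described under Cause can be pictured with a simplified model, added here as an illustration and not taken from Shopware's code. The schema, the field names and the path walker are constructed assumptions; only the ApiAware, Criteria and ManyToMany concepts come from the advisory. The walker validates each Criteria path against the ApiAware flags, and the incomplete variant skips one association kind.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Field:
    api_aware: bool
    kind: str = "scalar"   # scalar | many_to_one | one_to_many | many_to_many
    target: str = ""       # referenced entity, for association fields

# Constructed schema (hypothetical field names, not Shopware's definitions).
SCHEMA = {
    "product": {
        "name": Field(True),
        "purchasePrice": Field(False),
        "manufacturer": Field(True, "many_to_one", "manufacturer"),
        "tags": Field(True, "many_to_many", "tag"),
    },
    "manufacturer": {"name": Field(True), "internalNote": Field(False)},
    "tag": {"name": Field(True), "internalNote": Field(False)},
}

INCOMPLETE = {"many_to_one", "one_to_many"}   # ManyToMany not considered
COMPLETE = INCOMPLETE | {"many_to_many"}      # every association kind walked

def violations(entity, paths, handled_kinds):
    """Return the Criteria paths that touch a field not marked ApiAware.

    handled_kinds lists the association kinds the walker descends into.
    A kind missing from it leaves the rest of the path unchecked.
    """
    bad = []
    for path in paths:
        current, parts = entity, path.split(".")
        for i, part in enumerate(parts):
            field = SCHEMA[current].get(part)
            last = i == len(parts) - 1
            if field is None or not field.api_aware or (field.kind == "scalar" and not last):
                bad.append(path)
                break
            if field.kind == "scalar" or field.kind not in handled_kinds:
                break  # nothing further is validated on this path
            current = field.target
    return bad

# Constructed Criteria paths used as a regression set.
CRITERIA = ["name", "purchasePrice", "manufacturer.internalNote", "tags.internalNote", "tags.name"]

if __name__ == "__main__":
    print("incomplete walker:", violations("product", CRITERIA, INCOMPLETE))
    print("complete walker:  ", violations("product", CRITERIA, COMPLETE))
```

A regression test for this class of bug should include at least one path through every association kind the schema supports, so that a kind the validator does not walk shows up as a missing rejection.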