Description
Shopware Remote Code Execution Vulnerability
Under certain circumstances, it’s possible to execute unauthorized foreign code in Shopware. This is a critical security vulnerability that could affect the entire system. All Shopware versions up to and including Shopware 5.2.14 are affected.
References
- https://github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec
- https://community.shopware.com/_detail_1989.html
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates
- https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml
Packages

| Name | Affected versions | Fixed version |
| --- | --- | --- |
| shopware/shopware (composer) | >= 4.0.0, < 5.2.15 | 5.2.15 |
| shopware/shopware (composer) | < 1.0.8 | 1.0.8 |

9.8 Critical
CVSS3
Weaknesses
CWE-74