Authenticated server-side request forgery in file upload via URL.

2021-08-2319:42:49

Google

osv.dev

0.001 Low

EPSS

Percentile

36.9%

JSON

Impact

Authenticated server-side request forgery in file upload via URL.

Patches

We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

CPENameOperatorVersion
shopware/platformeq6.2.0-RC1
shopware/platformeq6.1.3
shopware/platformeq6.1.6
shopware/platformeq6.3.0.0
shopware/coreeq6.4.1.2
shopware/coreeq6.3.5.4
shopware/platformeq6.3.1.1
shopware/platformeq6.1.4
shopware/coreeq6.1.0-rc2
shopware/coreeq6.2.3

Name	Operator	Version
shopware/platform	eq	6.2.0-RC1
shopware/platform	eq	6.1.3
shopware/platform	eq	6.1.6
shopware/platform	eq	6.3.0.0
shopware/core	eq	6.4.1.2
shopware/core	eq	6.3.5.4
shopware/platform	eq	6.3.1.1
shopware/platform	eq	6.1.4
shopware/core	eq	6.1.0-rc2
shopware/core	eq	6.2.3