5 matches found
Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...
CVE-2023-2017
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2023-2017
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2023-2017
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...