
5 matches found

Github Security Blog
added 2026/01/14 4:54 p.m. | 9 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact: We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that led to an array and array crafted PHP Closure not checked being against allow list for the map... override. Patches: Patched in 6.7.6.1. Workarounds: Install the security...

CVSS 7.2 | AI score 6.8 | EPSS 0.00407
Exploits: 1 | References: 5 | Affected Software: 2
RedhatCVE
added 2025/05/23 1:51 a.m. | 7 views

CVE-2023-2017

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 9.9 | AI score 7.8 | EPSS 0.02083
Exploits: 1 | References: 1
NVD
added 2023/04/17 11:15 a.m. | 28 views

CVE-2023-2017

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 8.8 | AI score 9.6 | EPSS 0.02083
Exploits: 1 | References: 3
OSV
added 2023/04/17 11:15 a.m. | 20 views

CVE-2023-2017

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 8.8 | AI score 9.4
Exploits: 0 | References: 3
Vulnrichment
added 2023/04/17 10:18 a.m. | 9 views

CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 8.8 | AI score 9.1 | EPSS 0.02083
Exploits: 1 | References: 3