Lucene search
+L

6 matches found

OSV
OSV
added 2023/04/18 1:14 p.m.55 views

GHSA-7V2V-9RM4-7M8F Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

8.8CVSS8.4AI score0.02083EPSS
Exploits1References7
NVD
NVD
added 2023/04/17 11:15 a.m.32 views

CVE-2023-2017

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

8.8CVSS9.6AI score0.02083EPSS
Exploits1References3
Prion
Prion
added 2023/04/17 11:15 a.m.20 views

Input validation

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

6.5CVSS9.1AI score0.02083EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/04/17 10:18 a.m.21 views

CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

8.8CVSS7.4AI score0.02083EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/01/17 9:31 p.m.15 views

CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...

9.9CVSS9.6AI score0.01333EPSS
Exploits0References3
CVE
CVE
added 2023/01/17 9:31 p.m.74 views

CVE-2023-22731

CVE-2023-22731 affects Shopware 6 Twig templates without Sandbox. A Twig environment without Sandbox can reference PHP functions via filters (map, filter, sort), enabling arbitrary code execution when an attacker has Twig access. The issue is mitigated by upgrading to 6.4.18.1 (filters overridden...

9.9CVSS8.7AI score0.01333EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder