6 matches found
GHSA-7V2V-9RM4-7M8F Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...
CVE-2023-2017
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
Input validation
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware
Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...
CVE-2023-22731
CVE-2023-22731 affects Shopware 6 Twig templates without Sandbox. A Twig environment without Sandbox can reference PHP functions via filters (map, filter, sort), enabling arbitrary code execution when an attacker has Twig access. The issue is mitigated by upgrading to 6.4.18.1 (filters overridden...