2 matches found
EUVD-2024-2460
Malicious code in bioql PyPI...
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Impact Shopware has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. It accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. Patches Update to Shopware 6.6.5.1 or...