7 matches found
EUVD-2024-2460
Malicious code in bioql PyPI...
CVE-2024-42355
Shopware, an open ecommerce platform, has a new Twig tag, sw_silent_feature_call, which silences deprecation messages triggered inside the tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, but this parameter is not escaped properly and...
CVE-2024-42355
Shopware, an open ecommerce platform, has a new Twig tag, sw_silent_feature_call, which silences deprecation messages triggered inside the tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, but this parameter is not escaped properly and...
CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Shopware, an open ecommerce platform, has a new Twig tag, sw_silent_feature_call, which silences deprecation messages triggered inside the tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, but this parameter is not escaped properly and...
CVE-2024-42355
Shopware is vulnerable to Server-Side Template Injection via the new Twig tag sw_silent_feature_call. The parameter (feature flag name) is not escaped properly, allowing code execution. Affected versions include 6.6.5.0/6.5.x prior to 6.6.5.1 and 6.5.8.13; older 6.2–6.4 can receive protections vi...
CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Shopware, an open ecommerce platform, has a new Twig tag, sw_silent_feature_call, which silences deprecation messages triggered inside the tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, but this parameter is not escaped properly and...
Shopware security vulnerability
Shopware is an open source e-commerce software suite from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier; it originates from the new Twig tag, which is used to mute discarded...