CVE-2022-28888
CVE-2022-28888 affects Spryker Commerce OS 1.4.2 and specifically the spryker/http module versions below 1.7.0. The root cause is described as a predictable value used to sign/verify special _fragment URLs, enabling an attacker to cause remote command execution in many setups. Advisories state th...