GHSA-93cw-f5jj-x85w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-93cw-f5jj-x85w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-93cw-f5jj-x85w/GHSA-93cw-f5jj-x85w.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-93cw-f5jj-x85w
- Aliases
- Published
- 2023-01-17T23:58:06Z
- Modified
- 2023-11-01T05:01:08.484963Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
- Details
-
Impact
In Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like
map,filter,sort. This allows in the template to call any global PHP function.Patches
The problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished.
Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
References
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
- Database specific
{ "nvd_published_at": "2023-01-17T22:15:00Z", "github_reviewed_at": "2023-01-17T23:58:06Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-94" ] }- References
-
- https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
- https://nvd.nist.gov/vuln/detail/CVE-2023-22731
- https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
- https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
- https://github.com/shopware/platform
Affected packages
Packagist / shopware/platform
Package
- Name
- shopware/platform
- Purl
- pkg:composer/shopware/platform
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.18.1
Affected versions
v6.*
v6.0.0+ea2
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.2.0-RC1
v6.2.0
v6.2.1
v6.2.2
v6.2.3
6.*
6.3.0.0
6.3.0.1
6.3.0.2
6.3.1.0
6.3.1.1
6.3.2.0
6.3.2.1
6.3.3.0
6.3.3.1
6.3.4.0
6.3.4.1
6.3.5.0
6.3.5.1
6.3.5.2
6.3.5.3
6.3.5.4
6.4.0.0-RC1
6.4.0.0
6.4.1.0
6.4.1.1
6.4.1.2
6.4.2.0
6.4.2.1
6.4.3.0
6.4.3.1
6.4.4.0
6.4.4.1
6.4.5.0
6.4.5.1
6.4.6.0
6.4.6.1
6.4.7.0
6.4.8.0
6.4.8.1
6.4.8.2
6.4.9.0
6.4.10.0
6.4.10.1
6.4.11.0
6.4.11.1
6.4.12.0
6.4.13.0
6.4.14.0
6.4.15.0
6.4.15.1
6.4.15.2
6.4.16.0
6.4.16.1
6.4.17.0
6.4.17.1
6.4.17.2
6.4.18.0
Packagist / shopware/core
Package
- Name
- shopware/core
- Purl
- pkg:composer/shopware/core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.18.1
Affected versions
v6.*
v6.0.0+ea2
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.2.0-RC1
v6.2.0
v6.2.1
v6.2.2
v6.2.3
6.*
6.3.0.0
6.3.0.1
6.3.0.2
6.3.1.0
6.3.1.1
6.3.2.0
6.3.2.1
6.3.3.0
6.3.3.1
6.3.4.0
6.3.4.1
6.3.5.0
6.3.5.1
6.3.5.2
6.3.5.3
6.3.5.4
6.4.0.0-RC1
6.4.0.0
6.4.1.0
6.4.1.1
6.4.1.2
6.4.2.0
6.4.2.1
6.4.3.0
6.4.3.1
6.4.4.0
6.4.4.1
6.4.5.0
6.4.5.1
6.4.6.0
6.4.6.1
6.4.7.0
6.4.8.0
6.4.8.1
6.4.8.2
6.4.9.0
6.4.10.0
6.4.10.1
6.4.11.0
6.4.11.1
6.4.12.0
6.4.13.0
6.4.14.0
6.4.15.0
6.4.15.1
6.4.15.2
6.4.16.0
6.4.16.1
6.4.17.0
6.4.17.1
6.4.17.2
6.4.18.0