GHSA-qvc5-cfrr-384v

Source

https://github.com/advisories/GHSA-qvc5-cfrr-384v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-qvc5-cfrr-384v/GHSA-qvc5-cfrr-384v.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qvc5-cfrr-384v

Published

2020-09-23T17:20:28Z

Modified

2024-12-02T05:43:38.047073Z

Summary

RCE in Third Party Library in Shopware

Details

Impact

RCE in Third Party Library

Patches

We recommend to update to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin: https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020

Database specific

{
    "github_reviewed_at": "2020-09-23T15:01:47Z",
    "github_reviewed": true,
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW"
}

References

Affected packages

Packagist / shopware/platform

Package

Name: shopware/platform
Purl: pkg:composer/shopware/platform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.1.1

Affected versions

v6.*

v6.0.0+ea2

v6.1.0-rc1

v6.1.0-rc2

v6.1.0-rc3

v6.1.0-rc4

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.2.0-RC1

v6.2.0

v6.2.1

v6.2.2

v6.2.3

6.*

6.3.0.0

6.3.0.1

6.3.0.2

6.3.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-qvc5-cfrr-384v/GHSA-qvc5-cfrr-384v.json"

last_known_affected_version_range

"<= 6.3.1.0"

Packagist / shopware/core