CVE-2023-2017: Shopware 6 - Security Updates

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both the shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in Shopware\Core\Framework\Adapter\Twig\SecurityExtension and call any arbitrary PHP function, and thus execute arbitrary code/commands, by referencing callables through fully-qualified names supplied as an array of strings. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.


In this security release, we have resolved a vulnerability of threat level "critical". Affected are all Shopware versions up to and including 6.4.20.0. The following issues have been fixed with this security update:

NEXT-26140 - Improve Twig Security Extension to verify PHP Closures in Twig Templates (GHSA-7v2v-9rm4-7m8f)

We recommend updating to the current version 6.4.20.1. You can update to 6.4.20.1 via the auto-updater or manually via the download package.
https://www.shopware.com/en/download/#shopware-6

For older versions, corresponding security measures are also available via the central security plugin for Shopware 6.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

Related news

GHSA-7v2v-9rm4-7m8f: Improper Control of Generation of Code in Twig rendered views

### Impact

With [CVE-2023-22731](https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w) we fixed the Twig filters so that they only execute allowed functions. However, PHP callables can also be passed as a string or as an array, and callables crafted in array form were not checked against the allow list.

### Patches

The problem has been fixed in 6.4.20.1 with an improved override.

### Workarounds

For the older versions 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

### References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023?category=security-updates
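The gap described in both the CVE text and the advisory above is a validation check that compares only the string form of a callable against an allow list, while PHP also accepts callables as arrays (class-or-object plus method name) and as Closure objects. The following is an added illustration written for this page; it is not Shopware's SecurityExtension code and does not reproduce its implementation. The names `ALLOWED_FUNCTIONS`, `assertAllowedCallableWeak`, `assertAllowedCallable` and `safeMap` are assumptions, the inputs are constructed, and PHP 8 is assumed for `str_contains`, `mixed` and `get_debug_type`. It shows the weak check beside a hardened one that rejects every callable shape other than an allow-listed plain function name.

```php
<?php
// Added illustration, not Shopware's own code. Names and inputs are assumptions.
declare(strict_types=1);

// Hypothetical allow list of plain PHP functions a template may hand to map()/filter().
const ALLOWED_FUNCTIONS = ['strtoupper', 'strtolower', 'trim', 'abs'];

/**
 * Weak check: only a plain string is compared against the allow list, so a
 * callable supplied in another shape (an array of strings naming a class and
 * method, or a Closure object) is passed straight through to array_map().
 * This is the class of gap the advisory describes.
 */
function assertAllowedCallableWeak(mixed $callable): void
{
    if (is_string($callable) && !in_array($callable, ALLOWED_FUNCTIONS, true)) {
        throw new RuntimeException("Function '$callable' is not allowed");
    }
}

/**
 * Hardened check: every shape PHP accepts as a callable is handled explicitly.
 * Objects (including Closures) and array callables are rejected outright;
 * strings are normalised (leading namespace separator stripped, static-method
 * syntax refused) before the allow-list comparison.
 */
function assertAllowedCallable(mixed $callable): void
{
    if (is_object($callable)) {
        throw new RuntimeException('Closures and invokable objects are not allowed in templates');
    }
    if (is_array($callable)) {
        throw new RuntimeException('Array callables are not allowed in templates');
    }
    if (!is_string($callable)) {
        throw new RuntimeException('Unsupported callable type ' . get_debug_type($callable));
    }
    $name = ltrim($callable, '\\');                       // '\strtoupper' -> 'strtoupper'
    if (str_contains($name, '::') || !in_array($name, ALLOWED_FUNCTIONS, true)) {
        throw new RuntimeException("Function '$callable' is not allowed");
    }
}

/** A filter-style wrapper that applies the hardened check before calling array_map(). */
function safeMap(array $items, mixed $callable): array
{
    assertAllowedCallable($callable);
    return array_map($callable, $items);
}

// Constructed inputs: an allowed plain name, a namespaced spelling of it, a static-method
// string, an array-shaped callable and a Closure. Only the first two should be accepted.
$inputs = [
    'strtoupper',
    '\\strtoupper',
    'DateTimeImmutable::createFromFormat',
    ['DateTimeImmutable', 'createFromFormat'],
    static fn(string $s): string => $s,
];

foreach ($inputs as $callable) {
    foreach (['assertAllowedCallableWeak', 'assertAllowedCallable'] as $check) {
        try {
            $check($callable);
            $result = 'accepted';
        } catch (RuntimeException $e) {
            $result = 'rejected: ' . $e->getMessage();
        }
        $shape = is_object($callable) ? 'Closure' : json_encode($callable);
        printf("%-26s %-45s %s\n", $check, $shape, $result);
    }
}

print_r(safeMap(['a', 'b'], 'strtoupper'));
```

Running the script prints one line per input and check: the weak check accepts the array callable and the Closure because neither is a string, while the hardened check rejects both and accepts only the allow-listed function name in either spelling. The design point is that a deny-by-default check must enumerate the callable shapes it accepts rather than the ones it forbids; every branch that is not a normalised, allow-listed string throws.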
