Security
Headlines

Headlines Latest CVEs

Headline

GHSA-7cp7-jfp6-jh4f: Shopware's log module vulnerable to Improper Output Neutralization

Impact

The log module contains all kind of sent mails. It is possible to see the password reset email of customers and admin users to gain probably more access.

Patches

Update to the latest 6.4.18.1 version.

Workarounds

For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Remove from all users the log module ACL rights
Disable logging

References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates

2 years ago

Shopware’s log module vulnerable to Improper Output Neutralization

Low severity GitHub Reviewed Published Jan 20, 2023 in shopware/platform • Updated Jan 20, 2023

ghsa: Latest News

GHSA-3qhf-m339-9g5v: MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

1 day ago

GHSA-j975-95f5-7wqh: MCP Python SDK has Unhandled Exception in Streamable HTTP Transport ,Leading to Denial of Service

1 day ago

GHSA-j4rj-fgcq-wmqp: Cockpit - Content Platform vulnerable to XSS through name or email argument names

2 days ago

GHSA-p85q-mww9-gwqf: Citizen Short Description stored XSS vulnerability through wikitext

2 days ago

GHSA-prmv-7r8c-794g: Citizen vulnerable to Stored XSS through short descriptions

2 days ago