CVE-2023-22731 – shopware/core

Package

Manager: composer
Name: shopware/core
Vulnerable Version: >=0 <6.4.18.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.06266 pctl0.90544

Details

Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views ### Impact In Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows in the template to call any global PHP function. ### Patches The problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. ### Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. ### References https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates

Metadata

Created: 2023-01-17T23:58:06Z
Modified: 2023-01-25T18:04:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-93cw-f5jj-x85w/GHSA-93cw-f5jj-x85w.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-93cw-f5jj-x85w
Finding: F422
Auto approve: 1