CVE-2023-34099
MEDIUM5.3EPSS 0.14%Shopware improper mail validation vulnerability
Published: 6/28/2023Modified: 2/16/2024
Description
### Impact The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. ### Patches We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the release page. https://github.com/shopware5/shopware/releases/tag/v5.7.18 For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html ### References https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
Affected packages (1)
- Packagist/shopware/shopware>= 5.1.4, < 5.7.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-34099
- PATCHhttps://github.com/shopware5/shopware
- WEBhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
- WEBhttps://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d
- WEBhttps://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5
- WEBhttps://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5
- WEBhttps://www.shopware.com/en/changelog-sw5/#5-7-18