CVE-2020-13970

HIGH8.8EPSS 0.40%

Shopware vulnerable to SSRF

發布日:2022/5/24修改日:2024/2/16

描述

Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.

受影響套件(1)

Packagist/shopware/platformfrom 0, < 6.2.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13970
PATCHhttps://github.com/shopware/platform
WEBhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020
WEBhttps://www.shopware.com/en/changelog/#6-2-3