CVE-2022-21686
CRITICAL 9.0 / EPSS 0.51%
Server Side Twig Template Injection
Published: 2022/1/27
Modified: 2024/2/19
Description
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
Affected packages (1)
- Packagist/prestashop/prestashop >= 1.7.0.0, < 1.7.8.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
References (5)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-21686
- WEB https://github.com/PrestaShop/PrestaShop
- WEB https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
- WEB https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
- WEB https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465