CVE-2023-22734
MEDIUM4.3EPSS 0.30%Shopware has Improper Input Validation issue in newsletter subscription
發布日:2023/1/20修改日:2023/11/8
描述
### Impact The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. ### Patches The problem has been fixed with 6.4.18.1 ### Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Or disable the newsletter registration completely. ### References https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
受影響套件(2)
- Packagist/shopware/corefrom 0, < 6.4.18.1
- Packagist/shopware/platformfrom 0, < 6.4.18.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-22734
- PATCHhttps://github.com/shopware/platform
- WEBhttps://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
- WEBhttps://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620
- WEBhttps://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2