CVE-2023-34099
MEDIUM5.3EPSS 0.14%Shopware improper mail validation vulnerability
發布日:2023/6/28修改日:2024/2/16
描述
### Impact The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. ### Patches We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the release page. https://github.com/shopware5/shopware/releases/tag/v5.7.18 For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html ### References https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
受影響套件(1)
- Packagist/shopware/shopware>= 5.1.4, < 5.7.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-34099
- PATCHhttps://github.com/shopware5/shopware
- WEBhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
- WEBhttps://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d
- WEBhttps://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5
- WEBhttps://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5
- WEBhttps://www.shopware.com/en/changelog-sw5/#5-7-18