CVE-2023-2017
Published Apr 17, 2023
Last updated 2 years ago
Overview
- Description
- Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.
- Source
- info@starlabs.sg
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FB9ED1C-3438-4CFA-8C79-0AB0E493954D",
"versionEndIncluding": "6.4.20.0",
"versionStartIncluding": "6.1.0"
},
{
"criteria": "cpe:2.3:a:shopware:shopware:6.5.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13452371-6436-4FC4-B535-B1064B3DA20A"
},
{
"criteria": "cpe:2.3:a:shopware:shopware:6.5.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B0D3A28-E2CF-499E-BD2B-8655E3F09791"
},
{
"criteria": "cpe:2.3:a:shopware:shopware:6.5.0.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F1201D0-0621-4744-9D53-C0B8C5FE00D2"
}
],
"operator": "OR"
}
]
}
]