Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shopware Improper Control of Generation of Code in Twig rendered views
Vulnerability Description
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Shopware 代码注入漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 6.7.6.1之前版本存在代码注入漏洞,该漏洞源于CVE-2023-2017漏洞的回归导致数组和特制的PHP闭包未针对map(...)覆盖的允许列表进行检查。
CVSS Information
N/A
Vulnerability Type
N/A