PoC details: 1612afe5b7af1be02be9b19bd01fad8dd39aeb6b

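Source
Related vulnerability
Title: Adobe Commerce cross-site scripting vulnerability (CVE-2022-35698)
Description: Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe, a US company. Adobe Commerce has a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary code.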
Description
This repository contains potential security patches for the Magento APSB22-48 and CVE-2022-35698 security vulnerability
Introduction
**Official Magento patches have been released: [Magento Docs](https://experienceleague.adobe.com/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/adobe-commerce-2.4.0-2.4.5-security-hotfix-for-cve-2022-35698.html?lang=en). These patches address the same security issues as this repository does, except that we've added a few fixes for older Magento versions.**

# Security patches for APSB22-48

This repository contains Magento 2 patch files for the security issues found on 12-10-2022.
The patch files aim to fix the CVE-2022-35698 and CVE-2022-35689 vulnerabilities.

There is not much information about the exact fix that shipped in the newly released patch versions of Magento.
To create these patch files we've tried our best to inspect the [2.4.4-p1...2.4.4-p2 diff](https://github.com/magento/magento2/compare/2.4.4-p1...2.4.4-p2.diff) and extract the possible security fixes, which seem to be in the Magento template directives.

## Contents

As of now the patch only applies a few fixes in the `Magento/Framework/Filter` namespace which have been extracted from the following commit: [Patch Commit](https://github.com/magento/magento2/commit/11846a1a10539470f2fe1522030ff42d62daa562#diff-adf392bf8e6a1c22dc920c482055f9611acb6b8d5940397d5281e53354230ed8)

According to the newly released Magento patches this covers the current security issue. 

The `magento/module-customer` patch applies a fix to the Webapi for customer creation and to the customer confirmation controller.
- The Webapi patch fixes an issue where it used to be possible to send multiple keys whose names differ only in capitalization, thus possibly bypassing any validation made by Magento.
- The confirmation controller is changed to cast an `id` POST parameter to an integer.
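
The two `magento/module-customer` fixes described above, sketched as an added example (this is not code from the patch files or from Magento). The function names and the sample payloads are hypothetical; the point is to show why case-variant keys are rejected outright and why the `id` parameter is forced to an integer.

```php
<?php
declare(strict_types=1);

/**
 * Illustrative sketch, not Magento's code (function names are hypothetical):
 * reject request data in which two keys differ only by capitalization, so a
 * validator and a later consumer can never disagree about which value is
 * "the" field.
 */
function assertNoCaseCollidingKeys(array $data, string $path = ''): void
{
    $seen = [];
    foreach ($data as $key => $value) {
        $folded = strtolower((string) $key);
        if (isset($seen[$folded])) {
            throw new InvalidArgumentException(sprintf(
                'Ambiguous keys "%s" and "%s" at "%s"',
                $seen[$folded], $key, $path === '' ? '/' : $path
            ));
        }
        $seen[$folded] = (string) $key;
        if (is_array($value)) {
            assertNoCaseCollidingKeys($value, $path . '/' . $key);
        }
    }
}

/** Cast an untrusted "id" POST parameter to int, like the cast described above. */
function customerIdFromPost(array $post): int
{
    return (int) ($post['id'] ?? 0);
}

// Constructed sample payloads (not taken from the patch or from Magento).
$ambiguous = json_decode('{"customer": {"email": "a@example.com", "Email": "b@example.com"}}', true);
$clean     = json_decode('{"customer": {"email": "a@example.com", "firstname": "A"}}', true);

foreach (['ambiguous' => $ambiguous, 'clean' => $clean] as $label => $payload) {
    try {
        assertNoCaseCollidingKeys($payload);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected - {$e->getMessage()}\n";
    }
}

var_dump(customerIdFromPost(['id' => '42abc'])); // anything after the leading digits is dropped by the cast
```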

The `magento/framework` patch applies a fix to the CMS template directive parsing: a signature and a depth check are added.
We think the cause could be issues with nested CMS directives in Magento 2 and certain customer data being exposed to an XSS attack.

## Installation

Use a package such as [cweagans/composer-patches](https://github.com/cweagans/composer-patches) or [vaimo/composer-patches](https://github.com/vaimo/composer-patches) to apply the correct patch file to your Magento shop.
The patches are to be applied to the `magento/framework` and `magento/module-customer` packages.
The correct patch file can be found within the folder corresponding to your Magento 2 version.

Make sure to include the email, customer and framework patches. The email patch fixes a change introduced by the security patch which may break email template subjects.

## Troubleshooting

#### An error occurred during content generation
The patch changes the way template directives are parsed. This may break certain CMS pages where the content is nested in a Magento 2 translation `__()`.
When one of these content generation errors occurs, make sure to remove the redundant `__()` call in your code.

## Contributing

Feel free to create missing patch files for your Magento 2 version and create a Pull Request!
File snapshot

```
[4.0K] /data/pocs/1612afe5b7af1be02be9b19bd01fad8dd39aeb6b
├── [4.0K] 2.3.7-p2
│   ├── [4.0K] framework
│   │   └── [ 17K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [4.0K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.3.7-p3
│   ├── [4.0K] framework
│   │   └── [ 15K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [4.0K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.3.7-p4
│   ├── [4.0K] framework
│   │   └── [ 15K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [4.0K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.4.1
│   ├── [4.0K] framework
│   │   └── [ 17K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [3.9K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.4.2-p1
│   ├── [4.0K] framework
│   │   └── [ 17K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [3.9K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.4.2-p2
│   ├── [4.0K] framework
│   │   └── [ 17K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [3.9K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.4.3-p1
│   ├── [4.0K] framework
│   │   └── [ 17K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [3.9K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [4.0K] 2.4.3-p2
│   ├── [4.0K] framework
│   │   └── [ 15K] APSB22-48-CVE-2022-35698.patch
│   ├── [4.0K] module-customer
│   │   └── [3.9K] APSB22-48-CVE-2022-35698.patch
│   └── [4.0K] module-email
│       └── [ 550] APSB22-48-CVE-2022-35698.patch
├── [1.0K] LICENSE
└── [3.0K] README.md

32 directories, 26 files
```