PT-2020-14168 · Prestashop · Prestashop

Komradz +1 · Published 2020-07-02 · Updated 2021-11-18 · CVE-2020-15080

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PrestaShop versions 1.7.4.0 through 1.7.6.5

Description

The issue arises from some files being incorrectly included in the release archive or being accessible when they should not be. A possible workaround is to restrict access to certain files, specifically making sure composer.json and docker-compose.yml are not accessible on the server.

Recommendations

For PrestaShop versions 1.7.4.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue. As a temporary workaround, consider restricting access to composer.json and docker-compose.yml files on the server until the update to version 1.7.6.6 can be applied.
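
One way to apply the temporary workaround, as an added example that is not part of the original advisory or PrestaShop's own configuration. It assumes the shop is served by Apache httpd and that the block is placed in the shop's virtual host or in an .htaccess file in the web root; another web server needs its own equivalent deny rule.

```apache
# Added example (assumption: Apache httpd serves the shop).
# Deny HTTP access to the two files named in the advisory, in any directory
# under the scope where this block is placed. FilesMatch tests the file name
# only (the last path component), so the anchored pattern matches exactly
# "composer.json" and "docker-compose.yml" and nothing else.
<FilesMatch "^(composer\.json|docker-compose\.yml)$">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback (legacy access control syntax)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After reloading the configuration, a request for either file should return 403 Forbidden. If the rule is placed in .htaccess, the server's AllowOverride setting must permit authorization directives for it to take effect.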

Fix

Missing Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-15080
GHSA-492W-2PP5-XHVG

Affected Products

Prestashop