PT-2021-21829 · Shopware · Shopware

Shyim

Published

2021-08-16

Updated

2021-08-24

CVE-2021-37711

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.4.3.1

Description The issue is related to an authenticated server-side request forgery vulnerability in file upload via URL. This vulnerability can be exploited in versions prior to 6.4.3.1.

Recommendations For versions prior to 6.4.3.1, update to version 6.4.3.1 to resolve the issue. For older versions of 6.1, 6.2, and 6.3, install the corresponding security plugin as a workaround.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-37711

GHSA-GCVV-GQ92-X94R

Affected Products

Shopware

PT-2021-21829 · Shopware · Shopware

CVE-2021-37711

Weakness Enumeration

Related Identifiers

Affected Products

References · 9