CVE-2023-3684

Name of the Vulnerable Software and Affected Versions LivelyWorks Articart version 2.0.1

Description A problematic issue was found in the Base64 Encoding Handler component, specifically affecting some unknown functionality of the file /change-language/de DE. The manipulation of the redirectTo argument leads to an open redirect. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For LivelyWorks Articart version 2.0.1, as a temporary workaround, consider restricting access to the /change-language/de DE file or disabling the Base64 Encoding Handler component until a patch is available. Avoid using the redirectTo argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.