CVE-2020-15080

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15080
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15080.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15080
Related
  • GHSA-492w-2pp5-xhvg
Published
2020-07-02T17:15:12.200Z
Modified
2026-04-10T04:23:28.409044Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server.

References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type
GIT
Repo
https://github.com/prestashop/prestashop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b2956eec991d4bdc0651862557afc472c04ae8cc
Fixed
35ef7e9d892287c302df1fc5aa05ecfc6f15bc76
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.6.6"
        }
    ]
}

Affected versions

1.*
1.6.0.1
1.6.0.3
1.6.1.0
1.7.0.0-beta.1.0
1.7.0.0-beta.2.0
1.7.0.0-beta.4.0
1.7.0.0-rc.0.0
1.7.6.0
1.7.6.0-rc.1
1.7.6.0-rc.2
1.7.6.1
1.7.6.3
1.7.6.4
1.7.6.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15080.json"