GHSA-42gv-77f4-r3j9

Source

https://github.com/advisories/GHSA-42gv-77f4-r3j9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-42gv-77f4-r3j9/GHSA-42gv-77f4-r3j9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-42gv-77f4-r3j9

Aliases

CVE-2018-20713

Published

2022-05-14T01:39:47Z

Modified

2024-02-16T08:25:04.261709Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Shopware SQL Injection

Details

Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.

Database specific

{
    "nvd_published_at": "2019-01-15T16:29:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T18:22:03Z"
}

References

Affected packages

Packagist / shopware/shopware

Package

Name: shopware/shopware
Purl: pkg:composer/shopware/shopware

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.3

Affected versions

1.*

1.0.2

1.0.8

4.*

4.2.0-rc.1

4.2.0

4.2.1

4.2.1.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

v5.*

v5.0.0-BETA1

v5.0.0-BETA2

v5.0.0-RC1

v5.0.0-RC2

v5.0.0-RC3

v5.0.0

v5.0.1

v5.0.2-RC1

v5.0.2

v5.0.3-RC1

v5.0.3

v5.0.4-RC1

v5.0.4

v5.1.0-RC2

v5.1.0-RC3

v5.1.0

v5.1.1

v5.1.2-RC1

v5.1.2-RC2

v5.1.2

v5.1.3-RC1

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.2.0-BETA1

v5.2.0-RC1

v5.2.0-RC2

v5.2.0-RC3

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.2.5

v5.2.6

v5.2.7

v5.2.8

v5.2.9

v5.2.10

v5.2.11

v5.2.12

v5.2.13

v5.2.14

v5.2.15

v5.2.16

v5.2.17

v5.2.18

v5.2.19

v5.2.20

v5.2.21

v5.2.22

v5.2.23

v5.2.24

v5.2.25

v5.2.26

v5.2.27

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.4.0-RC1

v5.4.0

v5.4.1

v5.4.2

5.*

5.3.0