GHSA-5834-xv5q-cgfw

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-5834-xv5q-cgfw/GHSA-5834-xv5q-cgfw.json

Aliases

CVE-2022-31148

Published

2022-07-27T22:06:09Z

Modified

2022-08-11T16:34:49Z

Details

Impact

Persistent XSS in customer module

Patches

We recommend updating to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022

References

https://github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw
https://nvd.nist.gov/vuln/detail/CVE-2022-31148
https://github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022
https://github.com/shopware/shopware
https://www.shopware.com/en/changelog-sw5/#5-7-14

Affected packages

Packagist / shopware/shopware

shopware/shopware

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.7.0

Fixed

5.7.14

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 5.7.13"
}