GHSA-g7w8-pp9w-7p32

Source

https://github.com/advisories/GHSA-g7w8-pp9w-7p32

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-g7w8-pp9w-7p32/GHSA-g7w8-pp9w-7p32.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-g7w8-pp9w-7p32

Aliases

Published

2021-06-28T16:57:32Z

Modified

2024-12-02T05:55:27.869950Z

Summary

Creation of order credits was not validated by acl in admin orders

Details

Impact

Creation of order credits was not validated by ACL in admin orders

Patches

We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-306"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-24T19:19:59Z"
}

References

Affected packages

Packagist / shopware/platform

Package

Name: shopware/platform
Purl: pkg:composer/shopware/platform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1.1

Affected versions

v6.*

v6.0.0+ea2

v6.1.0-rc1

v6.1.0-rc2

v6.1.0-rc3

v6.1.0-rc4

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.2.0-RC1

v6.2.0

v6.2.1

v6.2.2

v6.2.3

6.*

6.3.0.0

6.3.0.1

6.3.0.2

6.3.1.0

6.3.1.1

6.3.2.0

6.3.2.1

6.3.3.0

6.3.3.1

6.3.4.0

6.3.4.1

6.3.5.0

6.3.5.1

6.3.5.2

6.3.5.3

6.3.5.4

6.4.0.0-RC1

6.4.0.0

6.4.1.0

Database specific

{
    "last_known_affected_version_range": "<= 6.4.1.0"
}

Packagist / shopware/core