Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tcnE0LTdjaDctMjQ2Nc0mqQ
Server Side Twig Template Injection
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject Twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
Permalink: https://github.com/advisories/GHSA-mrq4-7ch7-2465
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcnE0LTdjaDctMjQ2Nc0mqQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-mrq4-7ch7-2465, CVE-2022-21686
References:
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
- https://nvd.nist.gov/vuln/detail/CVE-2022-21686
- https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
- https://github.com/advisories/GHSA-mrq4-7ch7-2465
Blast Radius: 2.7
Affected Packages
packagist:prestashop/prestashop
Dependent packages: 0
Dependent repositories: 2
Downloads: 5,137 total
Affected Version Ranges: >= 1.7.0.0, <= 1.7.8.2
Fixed in: 1.7.8.3
All affected versions:
All unaffected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7