CVE-2020-13970

Server-Side Request Forgery (SSRF) in packagist/shopware/shopware

Identifiers

CVE-2020-13970

Package Slug

packagist/shopware/shopware

Vulnerability

Server-Side Request Forgery (SSRF)

Description

Shopware is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.

Affected Versions

All versions before 6.2.3

Solution

Upgrade to version 6.2.3 or later

Last Modified

2020-08-03
