CVE-2023-39528: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML
method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
References
Detect and mitigate CVE-2023-39528 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →