CVE-2020-13970: Server-Side Request Forgery (SSRF)

July 28, 2020 (updated July 31, 2020)

Shopware is vulnerable to a Server-Side Request Forgery (SSRF) in its “Mediabrowser upload by URL” feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.

References

docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020
nvd.nist.gov/vuln/detail/CVE-2020-13970
www.shopware.com/en/changelog/

Detect and mitigate CVE-2020-13970 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →