CVE-2017-18357: Externally Controlled Reference to a Resource in Another Sphere
Shopware has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
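One way to close this class of bug, as an added example that is not Shopware's code or its actual fix: restrict which classes a request-supplied name may instantiate, so that a name such as SimpleXMLElement is rejected before any constructor runs. SortingInterface, PriceSorting and buildSortings are hypothetical names, and the shape of the decoded sort parameter is an assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for an application's sorting classes (not Shopware's).
interface SortingInterface {}

final class PriceSorting implements SortingInterface
{
    public function __construct(public string $direction = 'ASC') {}
}

/**
 * Build sorting objects from a decoded request parameter, assumed to look like
 * ['ClassName' => ['direction' => 'ASC'], ...].
 * The unsafe pattern is `new $class(...$args)` on whatever name the client
 * sends, which lets the request pick any loadable class and its arguments.
 */
function buildSortings(array $requested): array
{
    // Explicit allowlist: only these classes may ever be instantiated.
    $allowed = [PriceSorting::class];
    $sortings = [];

    foreach ($requested as $class => $args) {
        // Reject anything that is not an exact, known class name.
        if (!is_string($class) || !in_array($class, $allowed, true)) {
            throw new InvalidArgumentException('Sorting class not allowed');
        }
        // Defence in depth: the class must implement the expected interface.
        if (!is_subclass_of($class, SortingInterface::class)) {
            throw new InvalidArgumentException('Not a sorting class');
        }
        // Constructor arguments are validated too, never passed through raw.
        $raw = is_array($args) ? ($args['direction'] ?? 'ASC') : null;
        if (!is_string($raw) || !in_array(strtoupper($raw), ['ASC', 'DESC'], true)) {
            throw new InvalidArgumentException('Invalid direction');
        }
        $sortings[] = new $class(strtoupper($raw));
    }
    return $sortings;
}

// Constructed sample input, as it might be decoded from a sort parameter.
var_dump(buildSortings(['PriceSorting' => ['direction' => 'desc']])[0]->direction);

try {
    buildSortings(['SimpleXMLElement' => ['data' => '<x/>']]);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // thrown before any object is created
}
```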