Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/prestashop/prestashop@1.7.8%2B3

Type composer

Namespace prestashop

Name prestashop

Version 1.7.8+3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.7.8+9

Latest_non_vulnerable_version 9.0.3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-dwbh-pjyu-rufu

vulnerability_id VCID-dwbh-pjyu-rufu

summary

Improper Control of Generation of Code ('Code Injection')
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

references

reference_url	https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
reference_id
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21

reference_url	https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
reference_id
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-21686
reference_id	CVE-2022-21686
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-21686

reference_url	https://github.com/advisories/GHSA-mrq4-7ch7-2465
reference_id	GHSA-mrq4-7ch7-2465
reference_type
scores
url	https://github.com/advisories/GHSA-mrq4-7ch7-2465

reference_url	https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
reference_id	GHSA-mrq4-7ch7-2465
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465

fixed_packages

url	pkg:composer/prestashop/prestashop@1.7.8%2B3
purl	pkg:composer/prestashop/prestashop@1.7.8%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B3

aliases CVE-2022-21686, GHSA-mrq4-7ch7-2465

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwbh-pjyu-rufu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B3

Package Instance