Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/prestashop/prestashop@1.7.0%2B0
purl pkg:composer/prestashop/prestashop@1.7.0%2B0
Tags Ghost
Next non-vulnerable version 8.2.4
Latest non-vulnerable version 9.1.0
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ghu1-c6e6-pudm
Aliases:
CVE-2022-21686
GHSA-mrq4-7ch7-2465
Improper Control of Generation of Code ('Code Injection') PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
1.7.8+3
Affected by 0 other vulnerabilities.
1.7.8.3
Affected by 16 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:59:25.360170+00:00 GHSA Importer Affected by VCID-ghu1-c6e6-pudm https://github.com/advisories/GHSA-mrq4-7ch7-2465 38.0.0
2026-04-01T12:49:21.036674+00:00 GitLab Importer Affected by VCID-ghu1-c6e6-pudm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2022-21686.yml 38.0.0