{
  "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44969?format=json",
  "vulnerability_id": "VCID-4m2y-d8vg-b7fj",
  "summary": "Improper Control of Generation of Code ('Code Injection')\nServer-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.",
  "aliases": [
    {"alias": "CVE-2023-2017"},
    {"alias": "GHSA-7v2v-9rm4-7m8f"}
  ],
  "fixed_packages": [
    {
      "url": "http://public2.vulnerablecode.io/api/packages/64799?format=json",
      "purl": "pkg:composer/shopware/core@6.4.20%2B1",
      "is_vulnerable": false,
      "affected_by_vulnerabilities": [],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.20%252B1"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/64798?format=json",
      "purl": "pkg:composer/shopware/platform@6.4.20%2B1",
      "is_vulnerable": false,
      "affected_by_vulnerabilities": [],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.20%252B1"
    }
  ],
  "affected_packages": [
    {
      "url": "http://public2.vulnerablecode.io/api/packages/64756?format=json",
      "purl": "pkg:composer/shopware/shopware@6.1.0",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-4m2y-d8vg-b7fj"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.1.0"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/64757?format=json",
      "purl": "pkg:composer/shopware/shopware@6.4.20%2B0",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-4m2y-d8vg-b7fj"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.4.20%252B0"
    },
    {
      "url": "http://public2.vulnerablecode.io/api/packages/64758?format=json",
      "purl": "pkg:composer/shopware/shopware@6.5.0%2B0",
      "is_vulnerable": true,
      "affected_by_vulnerabilities": [{"vulnerability": "VCID-4m2y-d8vg-b7fj"}],
      "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.5.0%252B0"
    }
  ],
  "references": [
    {
      "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023"
    },
    {
      "reference_url": "https://github.com/shopware/platform",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/shopware/platform"
    },
    {
      "reference_url": "https://github.com/shopware/platform/releases/tag/v6.4.20.1",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/shopware/platform/releases/tag/v6.4.20.1"
    },
    {
      "reference_url": "https://starlabs.sg/advisories/23/23-2017",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://starlabs.sg/advisories/23/23-2017"
    },
    {
      "reference_url": "https://starlabs.sg/advisories/23/23-2017/",
      "reference_id": "",
      "reference_type": "",
      "scores": [],
      "url": "https://starlabs.sg/advisories/23/23-2017/"
    },
    {
      "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2017",
      "reference_id": "CVE-2023-2017",
      "reference_type": "",
      "scores": [],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2017"
    },
    {
      "reference_url": "https://github.com/advisories/GHSA-7v2v-9rm4-7m8f",
      "reference_id": "GHSA-7v2v-9rm4-7m8f",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/advisories/GHSA-7v2v-9rm4-7m8f"
    },
    {
      "reference_url": "https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f",
      "reference_id": "GHSA-7v2v-9rm4-7m8f",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f"
    },
    {
      "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f",
      "reference_id": "GHSA-7v2v-9rm4-7m8f",
      "reference_type": "",
      "scores": [],
      "url": "https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f"
    }
  ],
  "weaknesses": [
    {
      "cwe_id": 1035,
      "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
      "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
    },
    {
      "cwe_id": 937,
      "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
      "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
    },
    {
      "cwe_id": 94,
      "name": "Improper Control of Generation of Code ('Code Injection')",
      "description": "The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."
    },
    {
      "cwe_id": 1336,
      "name": "Improper Neutralization of Special Elements Used in a Template Engine",
      "description": "The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine."
    }
  ],
  "exploits": [],
  "severity_range_score": null,
  "exploitability": null,
  "weighted_severity": null,
  "risk_score": null,
  "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4m2y-d8vg-b7fj"
}