CVE-2020-13970: SSRF
First published: Tue Jul 28 2020(Updated: )
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13970?
CVE-2020-13970 is a vulnerability in Shopware before version 6.2.3 that allows an authenticated user to perform Server-Side Request Forgery (SSRF) attacks.
How severe is CVE-2020-13970?
CVE-2020-13970 has a severity rating of 8.8 (high).
How does CVE-2020-13970 impact Shopware?
CVE-2020-13970 allows an authenticated user to send unauthorized HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware server, potentially leading to sensitive data exposure or unauthorized access.
How can CVE-2020-13970 be fixed?
To fix CVE-2020-13970, update Shopware to version 6.2.3 or later.
Are there any references for CVE-2020-13970?
Yes, you can find more information about CVE-2020-13970 at the following references: [National Vulnerability Database](https://nvd.nist.gov/vuln/detail/CVE-2020-13970), [Shopware Security Update](https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020), [Shopware Changelog](https://www.shopware.com/en/changelog/#6-2-3).
- collector/nvd-cve
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/shopware
- canonical/shopware shopware