CVE-2023-22730: Input Validation
First published: Tue Jan 17 2023(Updated: )
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.4.18.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22730?
CVE-2023-22730 is a vulnerability in Shopware that allows users to bypass quantity limits in the shopping cart.
How does CVE-2023-22730 affect Shopware?
CVE-2023-22730 affects Shopware versions up to 6.4.18.1 and allows users to add the same line item multiple times in the cart using the AP.
What is the severity of CVE-2023-22730?
The severity of CVE-2023-22730 is high, with a CVSS score of 7.5.
How can I fix CVE-2023-22730?
To fix CVE-2023-22730, it is recommended to update Shopware to a version that includes the necessary security patches.
Where can I find more information about CVE-2023-22730?
More information about CVE-2023-22730 can be found in the official Shopware security update page and the related GitHub links.
- collector/nvd-index
- vendor/shopware
- canonical/shopware shopware