Skip to content

Improper mail validation

Low
mitelg published GHSA-gh66-fp7j-98v5 Jun 27, 2023

Package

composer shopware/shopware (Composer)

Affected versions

>=5.1.4 <=5.7.17

Patched versions

5.7.18

Description

Impact

The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts.

Patches

We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the release page.
https://github.com/shopware5/shopware/releases/tag/v5.7.18

For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

Severity

Low

CVE ID

CVE-2023-34099

Weaknesses

No CWEs