Improper Input Validation of Clearance sale in cart
CVE-2023-22730

5.3MEDIUM

Key Information:

Vendor

Shopware

Status
Platform
Vendor
CVE Published:
17 January 2023

What is CVE-2023-22730?

An issue was identified in the Shopware commerce platform that allowed users to add the same line item multiple times to the shopping cart, effectively bypassing established quantity limits. This vulnerability arose from insufficient validation checks in the cart functionality, specifically within the Cart Validators, which failed to ensure the uniqueness of line items. The problem has been addressed in version 6.4.18.1, and users on the earlier major versions 6.1, 6.2, and 6.3 are advised to apply the available plugin fix to mitigate potential exploitation.

Affected Version(s)

platform < 6.4.18.1

References

https://github.com/shopware/platform/security/advisories/...
x_refsource_CONFIRM
https://github.com/shopware/platform/commit/4fce12096e54b...
x_refsource_MISC
https://docs.shopware.com/en/shopware-6-en/security-updat...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.