What is CVE-2023-22730?

CVE-2023-22730 is a medium-severity vulnerability in Shopware Platform, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2023-01-17.

How severe is CVE-2023-22730?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Improper input validation in Shopware Platform

CVE-2023-22730

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individ…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (53.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Shopware Platform — versions < 6.4.18.1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg (x_refsource_CONFIRM)
https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9 (x_refsource_MISC)
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-22730?: CVE-2023-22730 is a medium-severity vulnerability in Shopware Platform, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2023-01-17.
How severe is CVE-2023-22730?: Medium severity. CVSS v3 base score is 5.3 out of 10.