Lucene search

[email protected]NVD:CVE-2023-23941

HistoryFeb 03, 2023 - 9:15 p.m.

CVE-2023-23941

2023-02-0321:15:11

CWE-345

[email protected]

web.nvd.nist.gov

swagpaypal

shopware/platform

paypal integration

javascript-based

checkout methods

security fix

payment methods

security plugin

version 5.4.4

workaround.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.5%

JSON

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.

Affected configurations

Nvd

Node

shopwareswagpaypalRange<5.4.4

VendorProductVersionCPE
shopwareswagpaypal*cpe:2.3:a:shopware:swagpaypal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shopware	swagpaypal	*	cpe:2.3:a:shopware:swagpaypal::::::::

References

github.com/shopware/SwagPayPal/commit/57db5f4a57ef0a1646b509b415de9f03bf441b08

github.com/shopware/SwagPayPal/security/advisories/GHSA-vxpm-8hcp-qh27

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.5%

JSON

Related for NVD:CVE-2023-23941

github1 osv2 cve1 prion1 veracode1 cvelist1