In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
References
Link | Resource |
---|---|
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg | Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76 - Patch, Third Party Advisory | |
References | () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg - Third Party Advisory |
Information
Published : 2020-07-02 17:15
Updated : 2024-11-21 05:04
NVD link : CVE-2020-15080
Mitre link : CVE-2020-15080
CVE.ORG link : CVE-2020-15080
JSON object : View
Products Affected
prestashop
- prestashop