(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension
Summary: Product Shopware Vendor Shopware AG Severity High - Users with login access to Shopware Admin panel may be able to obtain remote code/command execution Affected Versions v6.4.18.1 <= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4 (Commit facfc88) Tested Versions v6.4.20.0 (Latest stable version), v6.5.0.0-rc3 (Latest pre-release version) CVE Identifier CVE-2023-2017 CVE Description Server-side Template Injection (SSTI) in Shopware 6 (<= v6....