Shopware has Improper Input Validation issue in newsletter subscription
Moderate severity
GitHub Reviewed
Published
Jan 17, 2023
in
shopware/shopware
•
Updated Jan 20, 2023
Description
Published by the National Vulnerability Database
Jan 17, 2023
Published to the GitHub Advisory Database
Jan 20, 2023
Reviewed
Jan 20, 2023
Last updated
Jan 20, 2023
Impact
The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process.
Patches
The problem has been fixed with 6.4.18.1
Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Or disable the newsletter registration completely.
References
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
References