View Issue Details

IDProjectCategoryView StatusLast Update
0007479OXID eShop (all versions)4.04. Securitypublic2023-08-01 09:38
Reportermichael_keiluweit 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionopen 
Product Version6.5.2 
Target VersionFixed in Version6.5.3 
Summary0007479: EE: package guzzlehttp/psr-7 2.4.3 has security flaws
DescriptionIn EE 6.5.2 metapackage we have a requirement for guzzlehttp/psr7 version 2.4.3 which has security issues

Initial: NVD - CVE-2022-24775

Follow Up: NVD - CVE-2023-29197

This dependency comes into metapackage because of unzer module ("oxid-esales/unzer": "v1.0.1").
TagsSecurity
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined