Skip to content

Add CVE-2019-12799 to Shopware

Tetiana Chupryna requested to merge CVE-2019-12799-shopware into master

From https://nvd.nist.gov/vuln/detail/CVE-2019-12799

Note: this vulnerability is for version 5.6.x, right now, there is only one such release 5.6.x-dev https://packagist.org/packages/shopware/shopware#5.6.x-dev

Last version in Gemnasium is 5.4.2

To be checked:

  • identifier should be the CVE id when it exists.
  • package_slug refers to a package listed on Gemnasium.
  • title is a short description. It does not contain the package name.
  • description must not contain an overview of the package, fixed versions, affected versions, solution or links. It leverages the Markdown syntax.
  • date is the date on which the advisory was made public.
  • not_impacted lists old versions that are not impacted, if any, the fixed versions.
  • solution tells how to remediate the vulnerability.
  • urls must contain URLs specific to the vulnerability, not URLs generic to the package itself.
  • uuid must be null or omitted. It's set when publishing the advisory on Gemnasium.
Edited by 🤖 GitLab Bot 🤖

Merge request reports