← back
CVE-2020-15080

Information disclosure in release archive in PrestaShop

CVSS 5.3 MEDIUMEPSS 0.9%CWE-200
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
PrestaShop · PrestaShop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg