Security advisory > CVE-2023-28843

Security advisory > CVE-2023-28843


Which versions are affected by this vulnerability?

If you are on PrestaShop 1.7 or 8+, the vulnerability is not present. Module PayPal Official 3.12.0 to 3.16.3 are impacted.

The version that fixes the vulnerability is 3.16.4. Version 3.17.0 is also fixed.

How to verify if my module is vulnerable ?

Reminder: PrestaShop 1.7 or 8+, the vulnerability is not present.

We have developed a module that detects if the vulnerability is present and can patch the file.

  1. Download the file paypalcvefixer.zip  attached of this article.
  2. Install the module in your back office by downloading the ZIP file obtained in the previous step.
  3. Once installed, click on "Configure".
  4. An orange message will appear to indicate that patching is required, or a green message will appear if all are OK.
  5. Don't forget to remove this "fixer" module after

Where can I find the technical details of the vulnerability?

For technical details and recommandations:

https://github.com/202ecommerce/paypal/security/advisories/GHSA-66pc-8gh8-mx7m


How to contact support team?

For any question about PayPal official module, please contact our support team by filling this form.

Crédit

The hoster TouchWeb.fr found the vulnerability.
We would like to say thank you.

    • Related Articles

    • Release notes - Version > 2.0.0

      Septembre 24th 2024 - Module version 2.0.1 Bug fix (multishop) September 16th 2024 - Module version 2.0.0 PrestaShop multistore Support Zendesk multibrand support Shipping tracking code availability within the Zendesk interface Ability to subscribe ...
    • SSL and configuration issues

      In this guide, we have added this article, since we have several clients with the problem of compatibility with the SSL certificate when installing their PayPal module in their environment. First of all, the customer must make sure to comply with all ...
    • Comparison of Paypal Official and PS Checkout modules

      With 61% of European customers having used it in the last 6 months and offered by 70% of businesses, PayPal has established itself as one of the most renowned brands in the world. For an even smoother payment experience, PrestaShop Checkout has ...
    • User documentation for the Braintree PrestaShop module

      User documentation for the Braintree PrestaShop module
    • Documentation Delivengo 2.0.0 version - English

      Documentation 2.0.0 version - English