SCA: security update for prestashop/prestashop (GHSA-mrq4-7ch7-2465)

critical Tenable Cloud Security Plugin ID 417118

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version
1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The
problem is fixed in version 1.7.8.3. There are no known workarounds. (CVE-2022-21686)

See Also

https://github.com/advisories/GHSA-mrq4-7ch7-2465

Plugin Details

Severity: Critical

ID: 417118

Version: Revision 1.10

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-21686

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 1/27/2022

Vulnerability Publication Date: 1/26/2022

Reference Information

CVE: CVE-2022-21686

cwe: CWE-94