How severe is CVE-2024-42355?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-42355?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2024-42355

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-1336

View all →

Vulnerability Description

Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.

CVE-2024-23692

CRITICAL

CVSS:9.8(Critical)

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary comma...

CWE-13362024

CVE-2024-24724

CRITICAL

CVSS:9.8(Critical)

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messeng...

CWE-13362024

CVE-2025-46661

CRITICAL

CVSS:9.8(Critical)

IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All ...

CWE-13362025

CVE-2024-12583

CRITICAL

CVSS:9.9(Critical)

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. T...

CWE-13362024

CVE-2024-37301

CRITICAL

CVSS:9.9(Critical)

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via se...

CWE-13362024

CVE-2025-23211

CRITICAL

CVSS:9.9(Critical)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p...

CWE-13362025

CVE-2024-42355

Vulnerability Description

Related Vulnerabilities

CVE-2024-23692

CVE-2024-24724

CVE-2025-46661

CVE-2024-12583

CVE-2024-37301

CVE-2025-23211