In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-12-23 03:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-11045
Mitre link : CVE-2019-11045
CVE.ORG link : CVE-2019-11045
JSON object : View
Products Affected
opensuse
- leap
php
- php
debian
- debian_linux
tenable
- securitycenter
canonical
- ubuntu_linux
fedoraproject
- fedora