The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
References
Link | Resource |
---|---|
https://github.com/czim/file-handling/blob/2.3.0/SECURITY.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Sep 2024, 17:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-918 CWE-22 |
|
References | () https://github.com/czim/file-handling/blob/2.3.0/SECURITY.md - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
First Time |
Czim file-handling
Czim |
|
CPE | cpe:2.3:a:czim:file-handling:*:*:*:*:*:*:*:* |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 14:15
Updated : 2024-09-27 17:09
NVD link : CVE-2024-47049
Mitre link : CVE-2024-47049
CVE.ORG link : CVE-2024-47049
JSON object : View
Products Affected
czim
- file-handling