GHSA-26hp-cgjj-m2j3

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

fuel/core ImageMagick driver does not escape all shell arguments.

This vulnerability may cause OS commands to be executed when you pass unvalidated image filenames containing specially crafted strings to the ImageMagick driver.

Ссылки

https://github.com/fuel/core/commit/95c134e9e087f3c4523fe6cd86ed4e9e1e7af91c
https://fuelphp.com/security-advisories
https://github.com/FriendsOfPHP/security-advisories/blob/master/fuel/core/2016-06-29-1.yaml

Пакеты

Наименование

fuel/core

composer

Затронутые версииВерсия исправления

< 1.8.0.4

1.8.0.4

Дефекты

CWE-78

Дефекты

CWE-78