GHSA-2gq2-m628-33xp

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

gregwar/rst Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

Ссылки

https://github.com/Gregwar/RST/pull/34
https://github.com/Gregwar/RST/commit/e8d90ccbeddd91ba3abc506079661dce234f9870
https://hackerone.com/reports/179034
https://github.com/FriendsOfPHP/security-advisories/blob/master/gregwar/rst/2016-10-31.yaml

Пакеты

Наименование

gregwar/rst

composer

Затронутые версииВерсия исправления

< 1.0.3

1.0.3