GHSA-5m3w-rvvh-8fx6

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Joomla! Object Injection Vulnerability

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.

Ссылки

Пакеты

Наименование

joomla/joomla-cms

composer

Затронутые версииВерсия исправления

>= 2.5.0, < 3.9.3

3.9.3

EPSS

Процентиль: 80%

0.01365

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-7743

Дефекты

CWE-502

Связанные уязвимости

CVE-2019-7743

CVSS3: 9.8

nvd

почти 7 лет назад

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.

EPSS

Процентиль: 80%

0.01365

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-7743

Дефекты

CWE-502