Published: 13 Nov 2024
Source: github
GitHub: Reviewed
CVSS4: 8.5
CVSS3: 7.6
Description
FileManager Deserialization of Untrusted Data vulnerability
Impact
Deserialization of untrusted data from the mimes parameter could lead to remote code execution.
Patches
Fixed in 3.0.9
Workarounds
Not needed; a composer update will solve it in a non-breaking way.
References
Reported responsibly by Vladislav Gladkiy at Positive Technologies.
Packages
Name: backpack/filemanager (composer)
Affected versions: >= 3.0.0, < 3.0.9
Fixed version: 3.0.9
Name: backpack/filemanager (composer)
Affected versions: < 2.0.2
Fixed version: 2.0.2
Related vulnerabilities
CVSS3: 7.6
nvd
about 1 year ago
FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.