Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9v3j-4j64-p937

Опубликовано: 27 нояб. 2023
Источник: github
Github: Прошло ревью
CVSS3: 8.5

Описание

OroPlatform vulnerable to path traversal during temporary file manipulations

Impact

Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted immediately after the script ends.

Workarounds

Apply patch

--- a/vendor/oro/platform/src/Oro/Bundle/GaufretteBundle/FileManager.php +++ b/vendor/oro/platform/src/Oro/Bundle/GaufretteBundle/FileManager.php @@ -614,6 +614,10 @@ */ public function getTemporaryFileName(string $suggestedFileName = null): string { + if ($suggestedFileName) { + $suggestedFileName = basename($suggestedFileName); + } + $tmpDir = ini_get('upload_tmp_dir'); if (!$tmpDir || !is_dir($tmpDir) || !is_writable($tmpDir)) { $tmpDir = sys_get_temp_dir();

Or decorate Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName in your customization and clear $suggestedFileName argument

public function getTemporaryFileName(string $suggestedFileName = null): string { if ($suggestedFileName) { $suggestedFileName = basename($suggestedFileName); } return parent::getTemporaryFileName($suggestedFileName); }

References

Ссылки

Пакеты

Наименование

oro/platform

composer
Затронутые версииВерсия исправления

>= 4.1.0, <= 4.1.13

Отсутствует

Наименование

oro/platform

composer
Затронутые версииВерсия исправления

>= 4.2.0, <= 4.2.10

Отсутствует

Наименование

oro/platform

composer
Затронутые версииВерсия исправления

>= 5.0.0, < 5.0.8

5.0.8

EPSS

Процентиль: 61%
0.00414
Низкий

8.5 High

CVSS3

CVE ID

CVE-2022-41951

Дефекты

CWE-22

Связанные уязвимости

nvd логотип

CVE-2022-41951

CVSS3: 8.5
nvd
около 2 лет назад

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

EPSS

Процентиль: 61%
0.00414
Низкий

8.5 High

CVSS3

CVE ID

CVE-2022-41951

Дефекты

CWE-22