CVE-2020-28925

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

Ссылки

https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a
Patch
Third Party Advisory
https://github.com/bolt/bolt/compare/3.7.1...3.7.2
Patch
Third Party Advisory
https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a
Patch
Third Party Advisory
https://github.com/bolt/bolt/compare/3.7.1...3.7.2
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*

Версия до 3.7.2 (исключая)

EPSS

Процентиль: 56%

0.00344

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-28925

CVSS3: 5.3

msrc

4 месяца назад

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

GHSA-w8cj-mvf9-mpc9

CVSS3: 5.3

github

почти 5 лет назад

OS Command injection in Bolt

EPSS

Процентиль: 56%

0.00344

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo