CVE-2021-23592

Опубликовано: 06 мая 2022

Источник: nvd

CVSS3: 7.7

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.

Ссылки

https://github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905c
Patch
Third Party Advisory
https://github.com/top-think/framework/releases/tag/v6.0.12
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-TOPTHINKFRAMEWORK-2385695
Third Party Advisory
https://github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905c
Patch
Third Party Advisory
https://github.com/top-think/framework/releases/tag/v6.0.12
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-TOPTHINKFRAMEWORK-2385695
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*

Версия до 6.0.12 (исключая)

EPSS

Процентиль: 77%

0.01009

Низкий

7.7 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-3fpv-54ff-wqfj

CVSS3: 9.8

github

почти 4 года назад

Deserialization of Untrusted Data in topthink/framework

EPSS

Процентиль: 77%

0.01009

Низкий

7.7 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502