Описание
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.29+esm8 |
| precise/esm | not-affected | |
| trusty | ignored | end of standard support |
| trusty/esm | released | 5.5.9+dfsg-1ubuntu4.29+esm8 |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 7.0.33-0ubuntu0.16.04.9 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.2.24-0ubuntu0.18.04.2 |
| devel | DNE | |
| disco | released | 7.2.24-0ubuntu0.19.04.2 |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 7.2.24-0ubuntu0.18.04.2 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.2.26 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 7.3.11-0ubuntu1 |
| disco | DNE | |
| eoan | released | 7.3.11-0ubuntu0.19.10.2 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.3.13 |
| xenial | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
3.7 Low
CVSS3
Связанные уязвимости
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
Уязвимость реализации класса PHP DirectoryIterator интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
4.3 Medium
CVSS2
3.7 Low
CVSS3