Описание
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | windows-specific |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty/esm | not-affected | windows-specific |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | windows-specific |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | not-affected | windows-specific |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | not-affected | windows-specific |
| focal | not-affected | windows-specific |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| upstream | not-affected | debian: Windows-specific |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | not-affected | windows-specific |
| mantic | DNE | |
| noble | DNE | |
| upstream | not-affected | windows-specific |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | not-affected | windows-specific |
| noble | DNE | |
| upstream | not-affected | debian: Windows-specific |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | windows-specific |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | not-affected | windows-specific |
| upstream | not-affected | windows-specific |
Показывать по
7.7 High
CVSS3
Связанные уязвимости
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
7.7 High
CVSS3