Lucene search

K

[email protected]CVE-2024-34515

HistoryMay 05, 2024 - 9:15 p.m.

CVE-2024-34515

2024-05-0521:15:55

[email protected]

web.nvd.nist.gov

29

image-optimizer vulnerability

phar deserialization

file_exists()

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().

References

github.com/spatie/image-optimizer/compare/1.7.2...1.7.3

github.com/spatie/image-optimizer/issues/210

github.com/spatie/image-optimizer/pull/211

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Related for CVE-2024-34515

veracode1 nvd1 osv2 cvelist1 github1