CVE-2022-38352

2022-09-1502:15:09

Google

osv.dev

thinkphp

v6.0.13

deserialization

vulnerability

league\flysystem\cached\storage\psr6cache

arbitrary code

crafted payload

software

0.002 Low

EPSS

Percentile

53.9%

JSON

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

CPENameOperatorVersion
frameworkeq5.2-beta.2
frameworkeq6.0.7
frameworkeq6.0.12
frameworkeq5.1.2
frameworkeq5.1-beta.1
frameworkeq6.0.0-rc5
frameworkeq5.1.1
frameworkeq5.1.3
frameworkeq6.0.2
frameworkeq6.0.0-rc4

Name	Operator	Version
framework	eq	5.2-beta.2
framework	eq	6.0.7
framework	eq	6.0.12
framework	eq	5.1.2
framework	eq	5.1-beta.1
framework	eq	6.0.0-rc5
framework	eq	5.1.1
framework	eq	5.1.3
framework	eq	6.0.2
framework	eq	6.0.0-rc4

Rows per page:

1-10 of 391

References

github.com/top-think/framework/issues/2749

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for OSV:CVE-2022-38352