Lucene search

GoogleOSV:GHSA-QJJJ-7G7H-54V3

HistorySep 16, 2022 - 12:00 a.m.

ThinkPHP deserialization vulnerability

2022-09-1600:00:39

Google

osv.dev

thinkphp v6.0.13

deserialization vulnerability

league\flysystem\cached\storage\psr6cache

arbitrary code

crafted payload

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.9%

JSON

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

CPENameOperatorVersion
topthink/frameworkeq5.1.11
topthink/frameworkeq5.0.25
topthink/frameworkeq5.1.30
topthink/frameworkeq6.0.3
topthink/frameworkeq5.1.41
topthink/frameworkeq5.1.1
topthink/frameworkeq6.0.0-rc3
topthink/frameworkeq5.0.20
topthink/frameworkeq5.0.14
topthink/frameworkeq5.0.17

Name	Operator	Version
topthink/framework	eq	5.1.11
topthink/framework	eq	5.0.25
topthink/framework	eq	5.1.30
topthink/framework	eq	6.0.3
topthink/framework	eq	5.1.41
topthink/framework	eq	5.1.1
topthink/framework	eq	6.0.0-rc3
topthink/framework	eq	5.0.20
topthink/framework	eq	5.0.14
topthink/framework	eq	5.0.17

Rows per page:

1-10 of 1001

References

github.com/top-think/framework

github.com/top-think/framework/issues/2749

nvd.nist.gov/vuln/detail/CVE-2022-38352

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for OSV:GHSA-QJJJ-7G7H-54V3