62 matches found
CVE-2021-36567
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...
CVE-2021-36564
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...
CVE-2021-36567
ThinkPHP v6.0.8 contains a deserialization vulnerability in the League\Flysystem\Cached\Storage\AbstractCache component. Affected software: ThinkPHP v6.0.8. Root cause: deserialization vulnerability in the specified cache storage AbstractCache. Impact (per NVD): CVSS v3.1 base score 9.8 (CRITICAL...
ThinkPHP代码问题漏洞
Top Thinking Information Technology ThinkPHP is a PHP-based, open source, lightweight Web application development framework from China Top Thinking Information Technology. A security vulnerability exists in ThinkPHP v6.0.8, which stems from a deserialization vulnerability in the component...
Fedora: Security Advisory for php-league-flysystem (FEDORA-2021-b9187c535c)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for php-league-flysystem (FEDORA-2021-717516a2e9)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: php-league-flysystem-1.1.4-1.fc33
Flysystem is a filesystem abstraction which allows you to easily swap out a local filesystem for a remote one. Autoloader: /usr/share/php/League/Flysystem/autoload.php...
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
GHSA-9F46-5R25-5WFM Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
Remote Code Execution (RCE)
flysystem is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied path or filename and removing any unicode whitespace during whitespace normalisation allows an attacker to upload and execute malicious code on the system...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
DEBIAN-CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
UBUNTU-CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
Design/Logic Flaw
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708
CVE-2021-32708 concerns thephpleague flysystem, a PHP filesystem abstraction library. The issue arises in the whitespace normalization logic for 1.x and 2.x: if a user-supplies a filename, the path is not checked for unicode chars, and the path’s extension is denied (not allow-listed), with a uni...
CVE-2021-32708 Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
thephpleague flysystem 代码注入漏洞
Flysystem is an open source file repository. Thephpleague flysystem suffers from a code injection vulnerability that stems from the fact that under certain conditions, flysystem could allow a malicious user to remotely execute code...