5 matches found
PT-2025-29480 · Gnu · Snappy
A vulnerability in the PHP Snappy library stems from improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to local files and directories on the server when processing parameters...
Security Bulletin: The B2B API of IBM Sterling B2B Integrator is Vulnerable to Denial of Service due to Snappy (CVE-2024-36124)
Summary: IBM Sterling B2B Integrator has addressed the denial of service vulnerability from Snappy. Vulnerability Details: CVEID: CVE-2024-36124 DESCRIPTION: Snappy is vulnerable to a denial of service, caused by an out-of-bounds read flaw when uncompressing data. By sending a specially crafted reques...
ai.chronon:online_2.11 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2845 more potentially affected by CVE-2024-36124 via org.iq80.snappy:snappy (>=0.1 <=0.4)
org.iq80.snappy:snappy MAVEN version =0.1, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.2.7, =1.0.1, =1.1.0, =1.7.0, =1.7.0, =1.0.0, =0.0.12, =1.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2024-36124 Source advisory: OSV:GHSA-8WH2-6QHJ-H7J9...
CVE-2023-28115 Snappy vulnerable to PHAR deserialization, allowing remote code execution
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists` function. If an attacker can upload files of any...
Snappy code issue vulnerability
Snappy is a PHP library from the individual developers at KNP Labs that allows thumbnails, snapshots or PDFs to be generated from URLs or HTML pages. A code issue vulnerability exists in versions of Snappy prior to 1.4.2 that stems from a lack of protocol checks. An attacker can exploit this...