7 matches found
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Thephpleague Flysystem
CVE-2021-32708 Affected versions of this package are vulnerabl...
Nextcloud: Suspicious login app ships old league/flysystem version
A vulnerability in the Suspicious Login app allowed a remote attacker to execute arbitrary code on the target system due to a race condition. The vulnerability was caused by an outdated version of the Flysystem library 0.1.0 - 2.1.0 that allowed a malicious user to upload and execute arbitrary co...
CVE-2021-32708
creationtimestamp| type| source ---|---|--- 2021-06-24 20:18:38+00:00| seen| https://t.me/cibsecurity/25687...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708 Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...
CVE-2021-32708
CVE-2021-32708 concerns thephpleague flysystem, a PHP filesystem abstraction library. The issue arises in the whitespace normalization logic for 1.x and 2.x: if a user-supplies a filename, the path is not checked for unicode chars, and the path’s extension is denied (not allow-listed), with a uni...
CVE-2021-32708
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...