Lucene search
K

7 matches found

GithubExploit
GithubExploit
added 2024/10/19 12:49 p.m.495 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Thephpleague Flysystem

CVE-2021-32708 Affected versions of this package are vulnerabl...

9.8CVSS8.3AI score0.03486EPSS
Exploits2
Hacker One
Hacker One
added 2022/10/03 2:32 p.m.34 views

Nextcloud: Suspicious login app ships old league/flysystem version

A vulnerability in the Suspicious Login app allowed a remote attacker to execute arbitrary code on the target system due to a race condition. The vulnerability was caused by an outdated version of the Flysystem library 0.1.0 - 2.1.0 that allowed a malicious user to upload and execute arbitrary co...

9.8CVSS8.9AI score0.03486EPSS
Exploits2
Circl
Circl
added 2021/06/24 8:18 p.m.9 views

CVE-2021-32708

creationtimestamp| type| source ---|---|--- 2021-06-24 20:18:38+00:00| seen| https://t.me/cibsecurity/25687...

9.8CVSS8.6AI score0.03486EPSS
Exploits2References1
NVD
NVD
added 2021/06/24 5:15 p.m.17 views

CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

9.8CVSS0.03486EPSS
Exploits2References6
Cvelist
Cvelist
added 2021/06/24 4:30 p.m.68 views

CVE-2021-32708 Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

9.8CVSS9.9AI score0.03486EPSS
Exploits2References6
CVE
CVE
added 2021/06/24 4:30 p.m.226 views

CVE-2021-32708

CVE-2021-32708 concerns thephpleague flysystem, a PHP filesystem abstraction library. The issue arises in the whitespace normalization logic for 1.x and 2.x: if a user-supplies a filename, the path is not checked for unicode chars, and the path’s extension is denied (not allow-listed), with a uni...

9.8CVSS8.3AI score0.03486EPSS
Exploits2References6Affected Software1
Debian CVE
Debian CVE
added 2021/06/24 4:30 p.m.28 views

CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

9.8CVSS9.3AI score0.03486EPSS
Exploits2
Rows per page
Query Builder