Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:4 a.m.12 views

CVE-2023-37473

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings ie system caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...

8.8CVSS6.7AI score0.00939EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/14 8:0 p.m.37 views

CVE-2023-37473 Limited code execution in zenstruck/collections

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings ie system caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...

8.5CVSS8.8AI score0.00939EPSS
Exploits0References3
CVE
CVE
added 2023/07/14 8:0 p.m.77 views

CVE-2023-37473

The CVE affects zenstruck/collections (PHP library). The vulnerability arises when user input is passed as a callable string (e.g., system) to EntityRepository::find() or query(), allowing arbitrary code execution. The issue has been fixed in commit f4b1c488206e1b1581b06fcd331686846f13f19c and re...

8.8CVSS8.5AI score0.00939EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/07/14 8:0 p.m.27 views

CVE-2023-37473 Limited code execution in zenstruck/collections

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings ie system caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...

8.5CVSS8.3AI score0.00939EPSS
Exploits0References5
Rows per page
Query Builder