Lucene search
+L

8 matches found

osv
osv
added 2021/09/01 6:36 p.m.52 views

GHSA-4574-QV3W-FCMG Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

9.8CVSS9.6AI score0.02714EPSS
Exploits1References11
github
github
added 2021/09/01 6:36 p.m.42 views

Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS4.3AI score0.02714EPSS
Exploits1References10Affected Software1
osv
osv
added 2021/08/11 1:15 p.m.19 views

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

9.8CVSS7.1AI score
Exploits0References4
prion
prion
added 2021/08/11 1:15 p.m.14 views

Input validation

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS9.5AI score0.02714EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/08/11 12:15 p.m.33 views

CVE-2021-23420 Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

7.7CVSS9.8AI score0.02714EPSS
Exploits1References4
attackerkb
attackerkb
added 2021/08/11 12:13 p.m.1 views

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS5.6AI score0.02714EPSS
Exploits1References5
cnnvd
cnnvd
added 2021/08/11 12:0 a.m.5 views

codeception 代码问题漏洞

codeception is an open source PHP full-stack testing framework. A security vulnerability exists in codeception, which stems from a problem with codeception from 4.0.0 and before 4.1.22 and before 3.1.3. The RunProcess class can be used as a gadget to run arbitrary commands on a system that can...

10CVSS8.4AI score0.02714EPSS
Exploits1References5
snyk
snyk
added 2021/08/09 11:33 a.m.2 views

Deserialization of Untrusted Data

Overview codeception/codeception is a Full-stack testing PHP framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validatio...

10CVSS7.2AI score0.02714EPSS
Exploits1References2
Rows per page
Query Builder