2 matches found
Remote Code Execution (RCE)
zenstruck/collection is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of sanitizing system calls in EntityRepository::find or query which allows an attacker to execute malicious code in the system...
GHSA-7XR2-8FF7-6FJQ zenstruck/collection passing callable string to EntityRepository::find() and query()
Impact Passing callable strings ie system caused the function to be executed. Patches Fixed in v0.2.1. Workarounds Do not allow passing user strings to EntityRepository::find or query. References Fix commit...