
SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability

Description

**Vulnerability Details:** This vulnerability allows remote attackers to execute arbitrary code on affected installations of League flysystem. Authentication may not be required to exploit this vulnerability. The specific flaw exists within the removeFunkyWhiteSpace function. The issue results from a change in the supplied filename which can introduce a time-of-check time-of-use condition. An attacker can leverage this vulnerability to write arbitrary files on a target web server.

**Affected Vendors:** League

**Affected Products:** flysystem

**Vendor Response:** League has issued an update to correct this vulnerability. More details can be found at: <https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm>
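For applications that validate upload names before handing them to a storage layer, the following added example (not code from the advisory or from flysystem) shows a check that closes the gap described above: the name is rejected if normalization would change it, and the policy check runs on the normalized form. `normalize_name`, `safe_upload_name` and the extension allow-list are hypothetical, and the normalizer is an assumed stand-in for a library that strips non-printable characters.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a storage layer that silently strips
// non-printable characters from a path before writing (assumption).
function normalize_name(string $name): string
{
    $clean = preg_replace('/\p{C}+/u', '', $name);
    if ($clean === null) {
        throw new InvalidArgumentException('name is not valid UTF-8');
    }
    return $clean;
}

// Assumed application policy: only these extensions may be stored.
const ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf'];

function safe_upload_name(string $supplied): string
{
    $normalized = normalize_name($supplied);

    // Reject rather than repair: if normalization changes the name,
    // the string that was checked is not the string that gets written.
    if ($normalized !== $supplied) {
        throw new InvalidArgumentException('name changes under normalization');
    }

    // The policy check runs on the exact string that will be used.
    $ext = strtolower(pathinfo($normalized, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    return $normalized;
}

// Constructed sample names; the second contains a zero-width space (U+200B).
$samples = ["report.pdf", "photo.p\u{200B}ng", "notes.txt"];
foreach ($samples as $s) {
    try {
        printf("%-20s accepted as %s\n", json_encode($s), safe_upload_name($s));
    } catch (InvalidArgumentException $e) {
        printf("%-20s rejected: %s\n", json_encode($s), $e->getMessage());
    }
}
```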

