Veracode Vulnerability Database: VERACODE:39914
Published: Mar 23, 2023 - 12:53 a.m.

Remote Code Execution (RCE)

Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: remote code execution, knplabs/knp-snappy, vulnerability

EPSS: 0.021 (Low)
EPSS Percentile: 89.1%
knplabs/knp-snappy is vulnerable to Remote Code Execution (RCE). The library does not check the type of the file it is handed during upload, so an attacker can supply a phar:// path; when the library calls file_exists on that path without first checking the file type, the phar archive is deserialized, resulting in Remote Code Execution. If a user can control the output file passed to the generateFromHtml function, arbitrary deserialization will occur.
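One defensive check an application can place in front of generateFromHtml, as an added example that is not knp-snappy's own code: reject any output path carrying a stream wrapper before the library ever touches it, and confine the path to a known output directory. The function name and the output directory are assumptions for this example.

```php
<?php
// Added example (not from knp-snappy): validate a user-influenced output path
// before passing it to Knp\Snappy\Pdf::generateFromHtml(). The library calls
// file_exists() on this path, and a phar:// path would be deserialized there.

function assertPlainOutputPath(string $path, string $allowedDir): string
{
    // Any "scheme://" prefix is a PHP stream wrapper (phar://, data://, ...).
    // A plain filesystem path never contains one. The check is done on the raw
    // string so the wrapper is never resolved during validation itself.
    if (preg_match('#^[a-zA-Z][a-zA-Z0-9+.\-]*://#', $path) === 1) {
        throw new InvalidArgumentException("Output path must not use a stream wrapper: $path");
    }

    // Confine the target to the allowed directory (resolving ".." components).
    $allowedReal = realpath($allowedDir);
    $targetReal  = realpath(dirname($path));
    if ($allowedReal === false || $targetReal === false) {
        throw new InvalidArgumentException("Output directory does not exist: $path");
    }
    $prefix = $allowedReal . DIRECTORY_SEPARATOR;
    if ($targetReal !== $allowedReal && strncmp($targetReal, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException("Output path escapes allowed directory: $path");
    }

    return $path;
}

// Constructed demonstration inputs: the first is accepted, the rest rejected.
$allowed = sys_get_temp_dir();                         // hypothetical output dir
$samples = [
    $allowed . DIRECTORY_SEPARATOR . 'report.pdf',
    'phar://' . $allowed . DIRECTORY_SEPARATOR . 'x.phar' . DIRECTORY_SEPARATOR . 'report.pdf',
    $allowed . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'report.pdf',
];
foreach ($samples as $candidate) {
    try {
        assertPlainOutputPath($candidate, $allowed);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}

// Intended use (binary path is an assumption):
// $snappy = new \Knp\Snappy\Pdf('/usr/local/bin/wkhtmltopdf');
// $snappy->generateFromHtml($html, assertPlainOutputPath($userPath, $allowed));
```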