Lucene search
Veracode Vulnerability DatabaseVERACODE:41339HistoryJul 18, 2023 - 2:01 p.m.
Remote Code Execution (RCE)
2023-07-1814:01:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
remote code execution
zenstruck/collection
entityrepository
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.9%
zenstruck/collection is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a lack of sanitizing system calls in EntityRepository::find() or query() which allows an attacker to execute malicious code in the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zenstruck/collection | le | v0.2.0 | |
| zenstruck/collection | le | v0.2.0 |
Related
nvd
nvd
CVE-2023-37473
2023-07-14 21:15:09
osv
osv
zenstruck/collection passing callable string to EntityRepository::find() and query()
2023-07-14 21:59:13
CVE-2023-37473
2023-07-14 21:15:09
prion
prion
Code injection
2023-07-14 21:15:00
github
github
cvelist
cvelist
CVE-2023-37473 Limited code execution in zenstruck/collections
2023-07-14 20:00:16
cve
cve
CVE-2023-37473
2023-07-14 21:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.9%
Related for VERACODE:41339