CVE-2020-15227

Injection Vulnerability in packagist/nette/application

Identifiers

CVE-2020-15227, GHSA-8gv3-3j7f-wg94

Package Slug

packagist/nette/application

Vulnerability

Injection Vulnerability

Description

Nette are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

Affected Versions

All versions starting from 2.0.0 before 2.0.19, all versions starting from 2.1.0 before 2.1.13, all versions starting from 2.2.0 before 2.2.10, all versions starting from 2.3.0 before 2.3.14, all versions starting from 2.4.0 before 2.4.16, all versions starting from 3.0.0 before 3.0.6

Solution

Upgrade to versions 2.2.10, 2.3.14, 2.4.16, 3.0.6 or above.

Last Modified

2020-10-19

source