CVE-2020-15227, GHSA-8gv3-3j7f-wg94
packagist/nette/application
Injection Vulnerability
Nette are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer
MVC Framework.
All versions starting from 2.0.0 before 2.0.19, all versions starting from 2.1.0 before 2.1.13, all versions starting from 2.2.0 before 2.2.10, all versions starting from 2.3.0 before 2.3.14, all versions starting from 2.4.0 before 2.4.16, all versions starting from 3.0.0 before 3.0.6
Upgrade to versions 2.2.10, 2.3.14, 2.4.16, 3.0.6 or above.
2020-10-19
source |