Advisories for Composer/Fuel/Core package

2024

fuel/core ImageMagick driver does not escape all shell arguments.

This vulnerability may cause OS commands to be executed when you pass unvalidated image filenames containing specially crafted strings to the ImageMagick driver.

fuel/core Crypt encryption compromised.

In fuel/core versions pior to 1.8.1, with the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes.

2018

Inadequate Encryption Strength

Crypt encryption compromised.

Crypt encryption compromised

With the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes.

2016

Code Injection

ImageMagick driver does not escape all shell arguments.