CVE-2012-2967: Caucho Quercus, as distributed in Resin, does not properly implement the `==` operator for comparisons

May 17, 2022 (updated April 12, 2025)

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.

References

github.com/advisories/GHSA-2qr7-8fp8-4xxr
nvd.nist.gov/vuln/detail/CVE-2012-2967
web.archive.org/web/20131210160901/http://en.securitylab.ru:80/lab/PT-2012-05

Code Behaviors & Features

Detect and mitigate CVE-2012-2967 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →