The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/czim/file-handling/blob/2.3.0/SECURITY.md |
History
Tue, 17 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-17T00:00:00
Updated: 2024-09-17T18:27:40.239Z
Reserved: 2024-09-17T00:00:00
Link: CVE-2024-47049
Vulnrichment
Updated: 2024-09-17T18:27:36.679Z
NVD
Status : Awaiting Analysis
Published: 2024-09-17T14:15:17.877
Modified: 2024-09-20T12:30:51.220
Link: CVE-2024-47049
Redhat
No data.