CVE-2020-15227
HIGH8.7EPSS 93.8%Potential Remote Code Execution vulnerability
發布日:2020/10/2修改日:2026/3/13
描述
Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Reported by Cyku Hong from DEVCORE (https://devco.re) ### Impact Code injection, possible remote code execution. ### Patches Fixed in nette/application 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette 2.0.19 and 2.1.13
受影響套件(2)
- Debian/php-nettefrom 0, < 2.4-20160731-1+deb9u1
- Packagist/nette/application>= 2.2.0, < 2.2.10
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-15227
- PATCHhttps://github.com/nette/application
- WEBhttps://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/nette/application/CVE-2020-15227.yaml
- WEBhttps://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
- WEBhttps://lists.debian.org/debian-lts-announce/2021/04/msg00003.html
- WEBhttps://packagist.org/packages/nette/application
- WEBhttps://packagist.org/packages/nette/nette