CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "

References

Affected packages

Git / github.com/sebastianbergmann/phpunit

Affected ranges

Type

GIT

Repo

https://github.com/sebastianbergmann/phpunit

Events

Introduced

Last affected

c062dddcb68e44b563f66ee319ddae2b5a322a90

Introduced

49f1c93ee37d10ffba6ce287d67110547b40b1d7

Fixed

a9de0dbafeb6b1391b391fbb034734cb0af9f67c

Introduced

130104cf796a88dd1547dc5beb8bd555c2deb55e

Last affected

3ee1c1fd6fc264480c25b6fb8285edefe1702dab

Fixed

284a69fb88a2d0845d23f42974a583d8f59bf5a5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.8.27"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.6.3"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.5.0"
        }
    ]
}

Affected versions

4.*

4.8.10

4.8.11

4.8.12

4.8.13

4.8.14

4.8.15

4.8.16

4.8.17

4.8.18

4.8.19

4.8.20

4.8.21

4.8.22

4.8.23

4.8.24

4.8.25

4.8.26

4.8.27

4.8.28

5.*

5.0.0

5.0.1

5.0.10

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2.0

5.2.1

5.2.10

5.2.11

5.2.12

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.2.9

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.6.0

5.6.1

5.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9841.json"