CVE-2020-15227

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15227

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15227.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15227

Aliases

GHSA-8gv3-3j7f-wg94

Related

Published

2020-10-01T19:15:12Z

Modified

2024-08-01T08:19:27.349316Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

References

Affected packages

Git / github.com/nette/application

Affected ranges

Type: GIT
Repo: https://github.com/nette/application
Events: Introduced

4f3b250709226c70c8ca0a35f796877bcb72b10d

Fixed

783ad6fc6444f63314175131885c04b3dd0291dd

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5