CVE-2021-37704
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-37704
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37704.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-37704
- Aliases
- Published
- 2021-08-12T20:15:07Z
- Modified
- 2024-05-30T02:44:38.360767Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the
phpinfo()can be exposed if the/vendoris not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will NOT be patched. As a workaround, protect the/vendordirectory from public access. - References
-
- https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
- https://github.com/flextype/flextype/issues/567
- https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
- https://github.com/PHPSocialNetwork/phpfastcache/pull/813
- https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
- https://github.com/PHPSocialNetwork/phpfastcache/pull/814
- https://github.com/PHPSocialNetwork/phpfastcache/pull/815
- https://packagist.org/packages/phpfastcache/phpfastcache
Affected packages
Git / github.com/phpsocialnetwork/phpfastcache
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpsocialnetwork/phpfastcache
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.4.2
2.4.3
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.2
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
4.*
4.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.2
4.0.2-beta1
4.0.2beta1
4.0.3
4.0.3-beta1
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1
4.1.0
4.1.1
4.2.1
4.2.2
4.2.3
4.2.4
4.3
4.3.1
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
5.*
5.0.0
5.0.0-alpha1
5.0.0-alpha2
5.0.0-beta1
5.0.0-beta2
5.0.0-rc1
5.0.0-rc2
5.0.0-rc3
5.0.1
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
6.*
6.0.0
6.0.0-alpha
6.0.0-alpha2
6.0.0-beta1
6.0.0-beta2
6.0.0-rc1
6.0.0-rc2
6.0.0-rc3
6.0.0-rc4
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
7.*
7.0.0
7.0.0-RC
7.0.0-RC2
7.0.0-RC3
7.0.0-RC4
7.0.0-alpha
7.0.0-alpha2
7.0.0-alpha3
7.0.0-beta
7.0.0-beta2
7.0.0-beta3
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.1.0
8.*
8.0.0
8.0.0-alpha
8.0.0-beta
8.0.0-dev
8.0.0-rc
8.0.0-rc2
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6