CVE-2021-43836

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-43836

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43836.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43836

Aliases

GHSA-vx6j-pjrh-vgjh

Related

GHSA-vx6j-pjrh-vgjh

Published

2021-12-15T20:15:08.733Z

Modified

2026-02-25T01:24:26.544033Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service sulu_route.generator.expression_token_provider and wrap the translator before passing it to the expression language.

References

Affected packages

Git / github.com/sulu/sulu

Affected ranges

Type: GIT
Repo: https://github.com/sulu/sulu
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

68396b4aeadcdbf98e2c4cffcdfadee1e49948d5

Introduced

5e0db29766f99ae62528123a5ca78200bbc21be0

Fixed

f10bc6afb126e8215f27c410320cad374301c3fb

Introduced

87fdd3500d5999548acc07ca4b4df9842a9956f4

Fixed

30bf8b5a4f83b6f2171a696011757d095edaa28a

Affected versions

1.*

1.6.41

1.6.42

1.6.43

2.*

2.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43836.json"