CVE-2024-47049

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47049

Aliases

GHSA-6rgh-r6j3-3223

Published

2024-09-17T14:15:17Z

Modified

2024-10-08T04:23:12.446723Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

References

https://github.com/czim/file-handling/blob/2.3.0/SECURITY.md

Affected packages

Git / github.com/czim/file-handling

Affected ranges

Type: GIT
Repo: https://github.com/czim/file-handling
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

95dfda850536bf35e684619598b9d02f4c97680d

Affected versions

0.*

0.9.0

0.9.1

0.9.10

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.4.0