GHSA-pw5c-xqf2-6xc2

Source
https://github.com/advisories/GHSA-pw5c-xqf2-6xc2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pw5c-xqf2-6xc2/GHSA-pw5c-xqf2-6xc2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pw5c-xqf2-6xc2
Aliases
Published
2022-05-17T03:44:28Z
Modified
2024-11-30T05:31:48.365402Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Doctrine Security Misconfiguration Vulnerability
Details

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 create their cache directories with world-writable permissions. A local user can exploit this to execute arbitrary PHP code with the privileges of an affected application when that application runs with its umask set to 0 and executes cache entries as code.

Database specific
{
    "nvd_published_at": "2016-06-07T14:06:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-19T19:12:06Z"
}
References

Affected packages

Packagist / doctrine/annotations

Package

Name
doctrine/annotations
Purl
pkg:composer/doctrine/annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.7

Affected versions

v1.*

v1.0
v1.1
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6

Packagist / doctrine/cache

Package

Name
doctrine/cache
Purl
pkg:composer/doctrine/cache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.4.0
Fixed
1.4.2

Affected versions

v1.*

v1.4.0
v1.4.1

Packagist / doctrine/common

Package

Name
doctrine/common
Purl
pkg:composer/doctrine/common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.3

Affected versions

2.*

2.1.3
2.1.4
2.2.0BETA1
2.2.0BETA2
2.2.0-RC1
2.2.0-RC3
2.2.0-RC4
2.2.0-RC5
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0-BETA1
2.3.0-RC1
2.3.0-RC2
2.3.0-RC3
2.3.0
2.4.0-RC1
2.4.0-RC2
2.4.0-RC3
2.4.0-RC4

v2.*

v2.4.0
v2.4.1
v2.4.2

Packagist / doctrine/common

Package

Name
doctrine/common
Purl
pkg:composer/doctrine/common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0-stable
Fixed
2.5.1

Affected versions

v2.*

v2.5.0-beta1
v2.5.0

Packagist / doctrine/orm

Package

Name
doctrine/orm
Purl
pkg:composer/doctrine/orm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
2.5.1

Affected versions

v2.*

v2.5.0

Packagist / doctrine/mongodb-odm

Package

Name
doctrine/mongodb-odm
Purl
pkg:composer/doctrine/mongodb-odm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2

Affected versions

1.*

1.0.0-BETA4
1.0.0-BETA5
1.0.0-BETA6
1.0.0-BETA7
1.0.0-BETA8
1.0.0-BETA9
1.0.0-BETA10
1.0.0-BETA11
1.0.0-BETA12
1.0.0-BETA13
1.0.0
1.0.1

Packagist / doctrine/mongodb-odm-bundle

Package

Name
doctrine/mongodb-odm-bundle
Purl
pkg:composer/doctrine/mongodb-odm-bundle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.1

Affected versions

v2.*

v2.0.1
v2.1.0
v2.2.0
v2.2.1

v3.*

v3.0.0-BETA1
v3.0.0-BETA2
v3.0.0-BETA3
v3.0.0-BETA4
v3.0.0-BETA5
v3.0.0-BETA6
v3.0.0

Packagist / zendframework/zendframework1

Package

Name
zendframework/zendframework1
Purl
pkg:composer/zendframework/zendframework1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.12.0
Fixed
1.12.16

Affected versions

1.*

1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.12.9
1.12.10
1.12.11
1.12.12
1.12.13
1.12.14
1.12.15

Packagist / zendframework/zend-cache

Package

Name
zendframework/zend-cache
Purl
pkg:composer/zendframework/zend-cache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
2.5.3

Affected versions

2.*

2.5.0
2.5.1
2.5.2

Packagist / aws/aws-sdk-php

Package

Name
aws/aws-sdk-php
Purl
pkg:composer/aws/aws-sdk-php

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.2.1

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.2.0

Packagist / doctrine/cache

Package

Name
doctrine/cache
Purl
pkg:composer/doctrine/cache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.3.2

Affected versions

v1.*

v1.1
v1.2.0
v1.3.0
v1.3.1

Packagist / zendframework/zend-cache

Package

Name
zendframework/zend-cache
Purl
pkg:composer/zendframework/zend-cache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.0
Fixed
2.4.8

Affected versions

2.*

2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7

Packagist / zendframework/zendframework

Package

Name
zendframework/zendframework
Purl
pkg:composer/zendframework/zendframework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.0
Fixed
2.4.8

Affected versions

2.*

2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7

Packagist / zfcampus/zf-apigility-doctrine

Package

Name
zfcampus/zf-apigility-doctrine
Purl
pkg:composer/zfcampus/zf-apigility-doctrine

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.3

Affected versions

1.*

1.0.0
1.0.1
1.0.2