GHSA-rw82-mhmx-grmj

Source
https://github.com/advisories/GHSA-rw82-mhmx-grmj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-rw82-mhmx-grmj/GHSA-rw82-mhmx-grmj.json
Aliases
Published
2023-11-14T18:48:51Z
Modified
2023-11-24T05:16:59.749704Z
Details

Impact

When using the file uploads feature, it was possible to upload PHP files.

Patches

The vulnerability is fixed in v3.1.2.

References

Affected packages

Packagist / duncanmcclean/guest-entries

Package

Name
duncanmcclean/guest-entries

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.1.2

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.3

v3.*

v3.0.0
v3.1.0
v3.1.1

Packagist / doublethreedigital/guest-entries

Package

Name
doublethreedigital/guest-entries

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.1.2

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.3

v3.*

v3.0.0
v3.1.0
v3.1.1