CVE-2021-37704

Sažetak

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.

Reference

https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
https://packagist.org/packages/phpfastcache/phpfastcache
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
https://github.com/flextype/flextype/issues/567
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
https://github.com/PHPSocialNetwork/phpfastcache/pull/814
https://github.com/PHPSocialNetwork/phpfastcache/pull/815

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

27-10-2022 - 12:41

Objavljeno

12-08-2021 - 20:15