Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2023-37473

Published: 14/07/2023 Updated: 31/07/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`.

Vulnerable Product Search on Vulmon Subscribe to Product

zenstruck collection 0.2.1

References

CWE-74https://github.com/zenstruck/collection/releases/tag/v0.2.1https://github.com/zenstruck/collection/security/advisories/GHSA-7xr2-8ff7-6fjqhttps://github.com/zenstruck/collection/commit/f4b1c488206e1b1581b06fcd331686846f13f19chttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook