CVE-2024-47049

Sept. 17, 2024, 2:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

czim/file-handling package

  • before 1.5.0
  • 2.x before 2.3.0

Source

cve@mitre.org

CVE-2024-47049 details

Published : Sept. 17, 2024, 2:15 p.m.
Last Modified : Sept. 17, 2024, 2:15 p.m.

Description

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
