Information disclosure in release archive

Low
matks published GHSA-492w-2pp5-xhvg Jul 2, 2020

Package

No package listed

Affected versions

> 1.7.4.0

Patched versions

1.7.6.6

Description

Impact

Some files should not be in the release archive, and others should not be accessible.

Patches

The problem is fixed in 1.7.6.6.

Workarounds

Make sure composer.json and docker-compose.yml are not accessible on your server.
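
One way to verify the workaround on your own server, as an added example that is not part of the advisory or the project's code: it requests the two files named above and reports any that the web server hands out. It assumes the files sit at the site's base URL (https://shop.example is a placeholder) and treats any non-empty, non-HTML 200 response as an exposed file, which is a heuristic chosen here.

```python
"""Check that the files named in the workaround are not served by your own site."""
import sys
import urllib.error
import urllib.request

# The two files named in the advisory's workaround.
SENSITIVE_FILES = ("composer.json", "docker-compose.yml")


def http_fetch(url, timeout=10):
    """Return (status, first 512 bytes of body) for a GET request."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(512)
    except urllib.error.HTTPError as err:
        # 403/404 and similar arrive as exceptions; only the status code matters.
        return err.code, b""


def looks_like_file(body):
    """Heuristic (assumption): a themed 'not found' page sent with 200 is HTML."""
    text = body.decode("utf-8", "replace").lstrip().lower()
    return bool(text) and not text.startswith(("<!doctype", "<html"))


def check_exposure(base_url, fetch=http_fetch):
    """Map each sensitive file name to True when the server returns its content."""
    results = {}
    for name in SENSITIVE_FILES:
        status, body = fetch(base_url.rstrip("/") + "/" + name)
        results[name] = status == 200 and looks_like_file(body)
    return results


if __name__ == "__main__":
    # Usage: python check_exposure.py https://shop.example  (your own base URL)
    exposed = [n for n, hit in check_exposure(sys.argv[1]).items() if hit]
    for name in exposed:
        print(f"EXPOSED: {name} is readable; deny access to it in the web server")
    sys.exit(1 if exposed else 0)
```

The non-zero exit status on exposure lets the check run after each deployment or upgrade.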

References

Information Disclosure (CWE-200)

Thanks to Komradz

Severity

Low

CVE ID

CVE-2020-15080

Weaknesses

No CWEs