Description
The image:make function in fetchImageFile can trigger phar deserialization. Combined with the deserialization chain of the Laravel framework, it can cause remote code execution vulnerabilities.
Impact Version
lightcms latest version (v1.3.7)
Steps to Reproduce
Please see this link for details.
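An added example, not LightCMS code and not the project's fix: one way to keep a user-supplied image source from reaching PHP's phar:// stream wrapper is to allowlist URL schemes before the value is handed to the image loader. The function name isAllowedImageSource and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not LightCMS code): decide whether a user-supplied
// image source may be handed to an image loader at all.
function isAllowedImageSource(string $src): bool
{
    // Reject empty input and control characters or whitespace that could
    // make the validator and the loader disagree about what the string is.
    if ($src === '' || preg_match('/[\x00-\x20\x7f]/', $src) === 1) {
        return false;
    }

    $parts = parse_url($src);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        // No scheme or host: a local path or a malformed URL, not a remote image.
        return false;
    }

    // Allowlist http and https only. Everything else (phar://, file://,
    // php://, compress.zlib://, ...) is a stream wrapper the loader must
    // never be asked to open.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Constructed sample inputs.
$samples = [
    'https://example.com/a.png',
    'HTTP://example.com/a.png',
    'phar:///tmp/upload.jpg/x',
    'PHAR://./uploads/avatar.gif',
    'compress.zlib://phar:///tmp/a.jpg',
    'file:///etc/passwd',
    '/etc/passwd',
];

foreach ($samples as $s) {
    printf("%-40s %s\n", $s, isAllowedImageSource($s) ? 'allow' : 'reject');
}
```

Only the two http(s) samples are allowed. After the check, downloading the bytes with an HTTP client and passing the binary data to the image library keeps the original string away from filesystem functions entirely.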
fix: catchImage #21
ba815d5
thanks^_
f240c7f
52820f6
fix: #21
9630ee4