[GHSA-2wxv-3g4v-p76p] Directory traversal vulnerability in index.php in... #1611

williamdes

Updates

  • Affected products
  • References
  • Source code location
  • Summary

Comments
Added references

"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"

Author

Suggested change
"introduced": "0"
"introduced": "2.5.1"

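Review bot: the suggested `"introduced": "2.5.1"` narrows the affected range so that every release below 2.5.1 is reported as unaffected, and nothing in the change shows that those releases lack the flaw. Keep `"introduced": "0"` unless a reference establishes the first vulnerable version, and add that reference to the advisory if one exists.
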
Author

Not sure


Hi @williamdes

Thanks for the contributions! I tried to investigate the commit history/blame of the code fix to find what version it may have been introduced, but kind of dead-ended at the import from SVN. The way the CVE reads to me is that 2.5.1 was the version tested when the vulnerability was found, not the first version vulnerable. If you have reason to believe that versions prior to 2.5.1 are NOT vulnerable, please let us know!

Author

/cc @namiltd

github-actions bot changed the base branch from main to williamdes/advisory-improvement-1611 on January 12, 2023 19:11

github-actions bot deleted the williamdes-GHSA-2wxv-3g4v-p76p branch on January 18, 2023 18:31

@williamdes
Author

Thanks bot...
