← volver
CVE-2020-15227

Remote Code Execution vulnerability

CVSS 8.7 HIGHEPSS 35.2%CWE-74
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Productos afectados
nette · application

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94https://lists.debian.org/debian-lts-announce/2021/04/msg00003.htmlhttps://packagist.org/packages/nette/applicationhttps://packagist.org/packages/nette/nette