Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xM2ptLXYyN3EtamZ3d84AA8jq
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
titon/framework package (which is now abandoned and no longer maintained) is vulnerable to remote code execution via Chosen-Ciphertext Attack.
Permalink: https://github.com/advisories/GHSA-q3jm-v27q-jfwwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xM2ptLXYyN3EtamZ3d84AA8jq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-q3jm-v27q-jfww
References:
- https://github.com/titon/framework/issues/93
- https://github.com/FriendsOfPHP/security-advisories/blob/master/titon/framework/2017-11-20.yaml
- https://github.com/advisories/GHSA-q3jm-v27q-jfww
Blast Radius: 5.9
Affected Packages
packagist:titon/framework
Dependent packages: 0Dependent repositories: 4
Downloads: 29 total
Affected Version Ranges: <= 0.1.0-alpha
No known fixed version
All affected versions: 0.1.0-alpha