CVE-2019-11045

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11045.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11045
Related
Withdrawn
2024-05-08T06:50:18.082012Z
Published
2019-12-23T03:15:11Z
Modified
2023-11-07T03:02:38Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

References

Affected packages

Git / github.com/php/php-src