CVE-2023-28115

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28115
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28115.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-28115
Aliases
Related
Published
2023-03-17T22:15:11Z
Modified
2024-10-12T10:48:40.388105Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when Snappy is used with frameworks with documented POP chains like Laravel/Symfony or with vulnerable developer code. If a user can control the output file from the generateFromHtml() function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.

References

Affected packages

Debian:11 / civicrm

Package

Name
civicrm
Purl
pkg:deb/debian/civicrm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5.*

5.33.2+dfsg1-1
5.50.1+dfsg1-1
5.50.3+dfsg1-1
5.52.2+dfsg1-1
5.53.0+dfsg1-1
5.68.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/knplabs/snappy

Affected ranges

Type
GIT
Repo
https://github.com/knplabs/snappy
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.2.0
0.2.1
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.4
0.4.1
0.4.2
0.4.3

v0.*

v0.5.0

v1.*

v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1