GHSA-hx3m-959f-v849

Suggest an improvement
Source
https://github.com/advisories/GHSA-hx3m-959f-v849
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-hx3m-959f-v849/GHSA-hx3m-959f-v849.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-hx3m-959f-v849
Published
2024-06-07T21:07:38Z
Modified
2024-06-07T21:07:38Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
Details

Zend_View is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render() view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or directly output.

Zend_View::setScriptPath() in versions up to and including 1.7.4 include a potential Local File Inclusion vulnerability. If untrusted input is used to specify the script path and/or view script itself, a malicious attacker could potentially specify a system directory and thus render a system file.

As an example, if the user-supplied string /etc/passwd or a relative path that resolved to that file, was supplied to Zend_View::render(), that file would be rendered.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-07T21:07:38Z"
}
References

Affected packages

Packagist / zendframework/zendframework1

Package

Name
zendframework/zendframework1
Purl
pkg:composer/zendframework/zendframework1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.7.0
Fixed
1.7.5