CVE-2021-32708

{"id": "CVE-2021-32708", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-06-24T17:15:08.263", "references": [{"url": "https://github.com/thephpleague/flysystem/commit/a3c694de9f7e844b76f9d1b61296ebf6e8d89d74", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/thephpleague/flysystem/commit/f3ad69181b8afed2c9edf7be5a2918144ff4ea32", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ/", "source": "security-advisories@github.com"}, {"url": "https://packagist.org/packages/league/flysystem", "tags": ["Product", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1."}, {"lang": "es", "value": "Flysystem es una biblioteca de almacenamiento de archivos de c\u00f3digo abierto para PHP. La normalizaci\u00f3n de espacios en blanco usando en versiones 1.x y 2.x elimina cualquier espacio en blanco unicode. Bajo determinadas condiciones espec\u00edficas, esto podr\u00eda permitir potencialmente a un usuario malicioso ejecutar c\u00f3digo de forma remota. Las condiciones son: Un usuario puede suministrar la ruta o el nombre de un archivo subido, la ruta o el nombre de archivo suministrado no se comprueban con respecto a los caracteres unicode, el nombre de la ruta suministrado se comprueba con respecto a una lista de denegaci\u00f3n de extensi\u00f3n, no con respecto a una lista de autorizaci\u00f3n, la ruta o el nombre de archivo suministrados contienen un car\u00e1cter de espacio en blanco unicode en la extensi\u00f3n, el archivo subido se almacena en un directorio que permite la ejecuci\u00f3n de c\u00f3digo PHP. Si se cumplen estas condiciones, un usuario puede subir y ejecutar c\u00f3digo arbitrario en el sistema atacado. La eliminaci\u00f3n de los espacios en blanco unicode ha sido reemplazada por un rechazo (excepci\u00f3n). Para usuarios de la versi\u00f3n 1.x, actualice a la versi\u00f3n 1.1.4. Para usuarios de la versi\u00f3n 2.x, actualice a la versi\u00f3n 2.1.1"}], "lastModified": "2023-11-07T03:35:24.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thephpleague:flysystem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "811C7A5C-FF67-45CB-962E-649FE7B9D187", "versionEndExcluding": "1.1.4", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:thephpleague:flysystem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68CAC353-47EF-4DFE-989C-A42DD4167F83", "versionEndExcluding": "2.1.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}