FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9b8a52fc-89c1-11e9-9ba0-4c72b94353b5	drupal -- Drupal core - Moderately critical Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file. Discovery 2019-05-08 Entry 2019-06-08 drupal7 < 7.67 drupal8 < 8.7.1 https://www.drupal.org/SA-CORE-2019-007

VuXML ID

Description

9b8a52fc-89c1-11e9-9ba0-4c72b94353b5

drupal -- Drupal core - Moderately critical

Drupal Security Team reports:

CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor.

In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.

Discovery 2019-05-08
Entry 2019-06-08
drupal7

< 7.67

drupal8

< 8.7.1

https://www.drupal.org/SA-CORE-2019-007