CVE-2023-28115: Deserialization of Untrusted Data in Snappy

Severity: 9.8 CRITICAL (NVD)
EPSS: 11.4% (top 6.42%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 17
Latest update: Sep 8

Description

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server, they can pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when Snappy is used wi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5: knplabs/snappy < 1.4.3
NVD: knplabs/snappy < 1.4.2 (+1)
Packagist: knplabs/knp-snappy < 1.4.2 (+1)

Patches

🔴 Vulnerability Details (5)

GHSA: Snappy PHAR deserialization vulnerability (2023-09-08)
OSV: Snappy PHAR deserialization vulnerability (2023-09-08)
OSV: PHAR deserialization allowing remote code execution (2023-03-17)
OSV: CVE-2023-28115: Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page (2023-03-17)
GHSA: PHAR deserialization allowing remote code execution (2023-03-17)

📋 Vendor Advisories (1)

Debian: CVE-2023-28115: civicrm - Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a ur... (2023)