← Retour aux CVEs

CVE-2021-37704

MEDIUM

5.4

Description

PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie8/12/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

phpfastcache:phpfastcache

Faiblesses (CWE)

CWE-200CWE-668

References

https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/pull/813(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/pull/814(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/pull/815(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc(security-advisories@github.com)

https://github.com/flextype/flextype/issues/567(security-advisories@github.com)

https://packagist.org/packages/phpfastcache/phpfastcache(security-advisories@github.com)

https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PHPSocialNetwork/phpfastcache/pull/813(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PHPSocialNetwork/phpfastcache/pull/814(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PHPSocialNetwork/phpfastcache/pull/815(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/flextype/flextype/issues/567(af854a3a-2127-422b-91ae-364da2661108)

https://packagist.org/packages/phpfastcache/phpfastcache(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.