CVE-2023-41330 (snappy)
Sept. 6, 2023, 6:15 p.m. | National Vulnerability Database (web.nvd.nist.gov)
## Issue
On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE. However, if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as …