Flysystem security update-CVE-2021-32708

March 9, 2022

NAME

The PHP LeagueFlysystem

  • Platforms Affected:
    Flysystem

  • Risk Level:
    low

  • CVE Type:
    Race condition

DESCRIPTION

CVE-2021-32708 is a race condition vulnerability impacting The PHP League Flysystem versions 1.0.0 through 1.1.3 and 2.0.0 through 2.1.0. A proof of concept (PoC) was not observed publicly or in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 9.3
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:


  • PoC Link:

MITIGATION

The PHP League addressed the vulnerability in a GitHub software development platform with updated versions.

  • Reference Link:
    https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

November 22, 2024
image

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

November 22, 2024
image

[QILIN] – Ransomware Victim: LBCO Contracting LTD

November 22, 2024
unlock membership

Unveiling Blockchain Security: Safeguarding the Digital Ledger

November 22, 2024
news

A Fifth of UK Enterprises Uncertain About NIS2 Compliance Requirements

November 22, 2024