Flysystem security update-CVE-2021-32708

March 9, 2022

NAME

The PHP LeagueFlysystem

  • Platforms Affected:
    Flysystem

  • Risk Level:
    low

  • CVE Type:
    Race condition

DESCRIPTION

CVE-2021-32708 is a race condition vulnerability impacting The PHP League Flysystem versions 1.0.0 through 1.1.3 and 2.0.0 through 2.1.0. A proof of concept (PoC) was not observed publicly or in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 9.3
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:


  • PoC Link:

MITIGATION

The PHP League addressed the vulnerability in a GitHub software development platform with updated versions.

  • Reference Link:
    https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[HUNTERS] – Ransomware Victim: Kumla Kommun

November 14, 2024
image

[SARCOMA] – Ransomware Victim: ADT Freight Services Australia Pty Lt

November 14, 2024
image

[AKIRA] – Ransomware Victim: Berexco LLC

November 14, 2024
image

[AKIRA] – Ransomware Victim: Dumont Printing

November 14, 2024
image

[AKIRA] – Ransomware Victim: Intercomp

November 14, 2024