Remote Code Execution (RCE) Affecting nette/application package, versions >=2.2.0, <2.2.10 >=2.3.0, <2.3.14 >=2.4.0, <2.4.16 >=3.0.0, <3.0.6
Snyk CVSS
Attack Complexity
High
Scope
Changed
Confidentiality
High
Integrity
High
Threat Intelligence
Exploit Maturity
Mature
EPSS
97.29% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-NETTEAPPLICATION-1015754
- published 5 Oct 2020
- disclosed 2 Oct 2020
- credit Unknown
Introduced: 2 Oct 2020
CVE-2020-15227 Open this link in a new tabHow to fix?
Upgrade nette/application
to version 2.2.10, 2.3.14, 2.4.16, 3.0.6 or higher.
Overview
nette/application is a full-stack component-based MVC kernel for PHP that helps you write powerful and modern web applications.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) by passing specially formed parameters to URL that may possibly leading to RCE.