Headline

GHSA-2p6p-9rc9-62j9: Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled

Impact

You are affected if your php.ini configuration has register_argc_argv enabled.

Patches

Update to 4.13.2 or 5.5.2.

Workarounds

If you can’t upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.

12 months ago

ghsa

Open in Source

#git #php #rce

GitHub Advisory Database
GitHub Reviewed
CVE-2024-56145

Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled

High severity GitHub Reviewed Published Dec 18, 2024 in craftcms/cms • Updated Dec 18, 2024

Package

Affected versions

>= 5.0.0-RC1, < 5.5.2

>= 4.0.0-RC1, < 4.13.2

Patched versions

5.5.2

4.13.2

Impact

You are affected if your php.ini configuration has register_argc_argv enabled.

Patches

Update to 4.13.2 or 5.5.2.

Workarounds

If you can’t upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.

References

GHSA-2p6p-9rc9-62j9
craftcms/cms@82e893f

Published to the GitHub Advisory Database

Dec 18, 2024

Last updated

Dec 18, 2024

ghsa: Latest News

GHSA-r399-636x-v7f6: LangChain serialization injection vulnerability enables secret extraction

17 hours ago

ghsa

GHSA-hm5p-x4rq-38w4: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

18 hours ago

ghsa

GHSA-c67j-w6g6-q2cm: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

19 hours ago

ghsa

GHSA-pp3g-xmm4-5cw9: Home Assistant Core before is vulnerable to Directory Traversal

19 hours ago

ghsa

GHSA-qx44-p258-3c2v: Cadmium CMS has a background arbitrary file upload vulnerability

19 hours ago

ghsa