[pkg-php-pear] Bug#990288: php-league-flysystem: Security issue in versions <1.1.4
Robin Gustafsson
robin at rgson.se
Thu Jun 24 17:31:40 BST 2021
Package: php-league-flysystem
Version: 1.1.3-3
Severity: important
Tags: upstream security
Upstream recently published a security advisory regarding a vulnerability
in Flysystem <1.1.4. [1]
> The whitespace normalisation using in 1.x and 2.x removes any unicode
> whitespace. Under certain specific conditions this could potentially
> allow a malicious user to execute code remotely.
[1]: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
More information about the pkg-php-pear
mailing list