author | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2022-01-27 07:07:46 +0000 |
---|---|---|
committer | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2022-01-27 07:18:51 +0000 |
commit | 68056e7f1306019698f71ac7fb262427da558e73 (patch) | |
tree | 3d4904fc44d62f9026808a131c1158f9e856a04d | |
parent | 6901bf72b3b20f999a6a6141acf5c99219e65198 (diff) | |
security/vuxml: Add CVE-2022-0323 (www/phpmustache)
Following change in 4f0a5e1540c3..6901bf72b3b2
Reported by: Marc Veldman <marc@bumblingdork.com> (maintainer)
-rw-r--r-- | security/vuxml/vuln-2022.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 7d27bd6cc453..2ff34eca31d9 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,32 @@
+ <vuln vid="65847d9d-7f3e-11ec-8624-b42e991fc52e">
+ <topic>mustache - Possible Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>phpmustache</name>
+ <range><lt>2.14.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>huntr.dev reports:</p>
+ <blockquote cite="https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/">
+ <p>In Mustache.php v2.0.0 through v2.14.0, Sections tag can
+ lead to arbitrary php code execution even if
+ strict_callables is true when section value is
+ controllable.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-0323</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0323</url>
+ </references>
+ <dates>
+ <discovery>2022-01-20</discovery>
+ <entry>2022-01-27</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="0f8bf913-7efa-11ec-8c04-2cf05d620ecc">
 <topic>polkit -- Local Privilege Escalation</topic>
 <affects> |
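Review bot: The new entry's `<topic>` uses a single hyphen and the upstream project name, while the polkit entry in the context lines uses the `name -- description` form; `<topic>phpmustache -- Possible Remote Code Execution</topic>` would match it and name the package listed under `<affects>`. In `<references>`, the `<url>` only repeats what `<cvename>` already identifies and its query string omits the `CVE-` prefix, while the huntr.dev report quoted in `<blockquote cite=…>` is not listed; `<url>https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/</url>` would make the quoted source reachable from the references. The quoted advisory limits the issue to v2.0.0 through v2.14.0 but the range has only an upper bound, so `<range><ge>2.0.0</ge><lt>2.14.1</lt></range>` would be more precise if the port ever shipped an older version (not visible here). The polkit entry that follows the added `<vuln>` continues outside the hunk.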