CVE-2024-5585

Name
CVE-2024-5585
Description
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
http://www.openwall.com/lists/oss-security/2024/06/07/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
https://security.netapp.com/advisory/ntap-20240726-0002/

Match rules

CPE URI Source package Min version Max version
php >= 8.1.* < 8.1.29
php >= 8.2.* < 8.2.20
php >= 8.3.* < 8.3.8

Vulnerable and fixed packages

Source package Branch Version Maintainer Status