CVE-2020-15227

critical

Description

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

References

https://packagist.org/packages/nette/nette

https://packagist.org/packages/nette/application

https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html

https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94

Details

Source: Mitre, NVD

Published: 2020-10-01

Updated: 2021-11-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics