SCA: security update for phpfastcache/phpfastcache (GHSA-cvh5-p6r6-g2qc)

medium Tenable Cloud Security Plugin ID 414105

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In
versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected
from public access. This is a rare situation today since the vendor directory is often located outside the
web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched
respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will
**NOT** be patched. As a workaround, protect the `/vendor` directory from public access. (CVE-2021-37704)

See Also

https://github.com/advisories/GHSA-cvh5-p6r6-g2qc

Plugin Details

Severity: Medium

ID: 414105

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2021-37704

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/30/2021

Vulnerability Publication Date: 8/12/2021

Reference Information

CVE: CVE-2021-37704