PRIOn knowledge basePRION:CVE-2021-37704Design/Logic Flaw
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo() can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will NOT be patched. As a workaround, protect the /vendor directory from public access.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpfastcache | ge | 8.0.0 | |
| phpfastcache | lt | 8.0.7 | |
| phpfastcache | ge | 7.0.0 | |
| phpfastcache | lt | 7.1.2 | |
| phpfastcache | lt | 6.1.5 |
References
github.com/flextype/flextype/issues/567
github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md
github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
github.com/PHPSocialNetwork/phpfastcache/pull/813
github.com/PHPSocialNetwork/phpfastcache/pull/814
github.com/PHPSocialNetwork/phpfastcache/pull/815
github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
packagist.org/packages/phpfastcache/phpfastcache
Related
