CVE-2015-5723 doctrine/cache

Package

Manager: composer
Name: doctrine/cache
Vulnerable Version: >=1.4.0 <1.4.2 || >=1.0.0 <1.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00102 (percentile 0.28636)

Details

Doctrine Security Misconfiguration Vulnerability

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
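The following audit sketch is an added example, not code from Doctrine or from the advisory. It shows how a directory requested with mode 0777 becomes world-writable only when the process umask is 0, and how to find such entries under a cache root. The helper names, directory names and the `entry.php` file are constructed for the demonstration.

```python
import os
import stat
import tempfile


def make_cache_dir(path, umask, mode=0o777):
    """Create a directory with the requested mode under a given process umask.

    The kernel applies mode & ~umask, so 0777 stays 0777 only when umask is 0.
    """
    old = os.umask(umask)
    try:
        os.mkdir(path, mode)
    finally:
        os.umask(old)  # always restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode) & 0o777


def find_world_writable(root):
    """Return paths at or below root whose mode has the other-write bit set."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


def demo():
    """Build two constructed cache directories and audit them."""
    with tempfile.TemporaryDirectory() as base:
        weak = os.path.join(base, "cache_umask0")
        safe = os.path.join(base, "cache_umask022")
        weak_mode = make_cache_dir(weak, 0o000)
        safe_mode = make_cache_dir(safe, 0o022)
        # Constructed cache entry written while umask is 0.
        old = os.umask(0)
        try:
            os.close(os.open(os.path.join(weak, "entry.php"),
                             os.O_WRONLY | os.O_CREAT, 0o666))
        finally:
            os.umask(old)
        hits = [os.path.relpath(p, base) for p in find_world_writable(base)]
        return weak_mode, safe_mode, hits


if __name__ == "__main__":
    print(demo())
```

Pointing `find_world_writable` at an application's real cache root gives a quick check of whether an affected deployment left writable entries behind after upgrading.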

Metadata

Created: 2022-05-17T03:44:28Z
Modified: 2023-10-19T19:12:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pw5c-xqf2-6xc2/GHSA-pw5c-xqf2-6xc2.json
CWE IDs: []
Alternative ID: GHSA-pw5c-xqf2-6xc2
Finding: F159
Auto approve: 1