Fluid Attacks Database

Description

Doctrine Security Misconfiguration Vulnerability Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	zendframework/zendframework	>=2.4.0 <2.4.8	2.4.8
packagist	aws/aws-sdk-php	>=3.0.0 <3.2.1	3.2.1
packagist	doctrine/cache	>=1.4.0 <1.4.2 \|\| >=1.0.0 <1.3.2	1.4.2, 1.3.2
packagist	doctrine/common	>=0 <2.4.3 \|\| >=2.5.0-stable <2.5.1	2.4.3, 2.5.1
packagist	doctrine/mongodb-odm-bundle	>=0 <3.0.1	3.0.1
packagist	zendframework/zend-cache	>=2.5.0 <2.5.3 \|\| >=2.4.0 <2.4.8	2.5.3, 2.4.8
packagist	zendframework/zendframework1	>=1.12.0 <1.12.16	1.12.16
packagist	doctrine/annotations	>=0 <1.2.7	1.2.7
packagist	doctrine/orm	>=2.5.0 <2.5.1	2.5.1
packagist	doctrine/mongodb-odm	>=0 <1.0.2	1.0.2

1-10 of 28

Aliases

1. CVE-2015-57232. NVD-2015-57233. OSV-2015-57234. OSV-DEBIAN-2015-57235. GCVE-2015-57236. SECURITY-TRACKER-CVE-2015-5723

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.