Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data
Vulnerability Description
This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
codeception 代码问题漏洞
Vulnerability Description
codeception是开源的一个 PHP 全栈测试框架。 codeception 存在安全漏洞,该漏洞源于从4.0.0和4.1.22之前、3.1.3之前的codeception存在问题,RunProcess类可以作为小工具使用,在不经过验证就可以对用户输入进行反序列化的系统上运行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A