Vulnerability Description
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nette | Application | >= 2.0.0, < 2.0.19 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/04/msg00003.htmlMailing ListThird Party Advisory
- https://packagist.org/packages/nette/applicationThird Party Advisory
- https://packagist.org/packages/nette/netteThird Party Advisory
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/04/msg00003.htmlMailing ListThird Party Advisory
- https://packagist.org/packages/nette/applicationThird Party Advisory
- https://packagist.org/packages/nette/netteThird Party Advisory
FAQ
What is CVE-2020-15227?
CVE-2020-15227 is a vulnerability with a CVSS score of 8.7 (HIGH). Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is ...
How severe is CVE-2020-15227?
CVE-2020-15227 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15227?
Check the references section above for vendor advisories and patch information. Affected products include: Nette Application, Debian Debian Linux.