In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: php
Published: 2019-12-17T00:00:00
Updated: 2021-07-22T17:06:43
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11045
JSON object: View
NVD Information
Status : Modified
Published: 2019-12-23T03:15:11.630
Modified: 2023-11-07T03:02:38.190
Link: CVE-2019-11045
JSON object: View
Redhat Information
No data.