CVE-2024-34515 | spatie image-optimizer up to 1.7.2 Phar Deserialization file_exists deserialization (Issue 210)

Inserito da Angelo Barbosa | Mag 6, 2024 | CVE

A vulnerability classified as problematic has been found in spatie image-optimizer up to 1.7.2. This affects the function file_exists of the component Phar Deserialization. The manipulation leads to deserialization.

This vulnerability is uniquely identified as CVE-2024-34515. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-34515 | spatie image-optimizer up to 1.7.2 Phar Deserialization file_exists deserialization (Issue 210)

Post correlati

CVE-2024-2074 | Mini-Tmall up to 20231017 ?r=tmall/admin/user/1/1 orderBy sql injection

CVE-2024-36264 | Apache Submarine Commons Utils 0.8.0 improper authentication

CVE-2024-3677 | Ultimate 410 Gone Status Code Plugin up to 1.1.4 on WordPress cross site scripting

CVE-2024-3745 | MSI Afterburner 4.6.6.16381 Beta 3 RTCore64.sys authorization