Fixed
- Potential RCE through path traversal fixed Webklex/php-imap#414 (special thanks @angelej)
Security Impact and Mitigation
Impacted are all versions below v5.3.0.
If possible, update to >= v5.3.0 as soon as possible. Impacted was the Attachment::save
method which could be used to write files to the local filesystem. The path was not
properly sanitized and could be used to write files to arbitrary locations.
However, the Attachment::save method is not used by default and has to be called
manually. If you are using this method without providing a sanitized path, you are
affected by this vulnerability.
If you are not using this method or are providing a sanitized path, you are not affected
by this vulnerability and no immediate action is required.
If you have any questions, please feel welcome to join this issue: Webklex/php-imap#416
Timeline
- 17.06.23 21:30: Vulnerability reported
- 18.06.23 19:14: Vulnerability confirmed
- 19.06.23 18:41: Vulnerability fixed via PR Webklex/php-imap#414
- 20.06.23 13:45: Security patch released
Contributors
angelej