JeanCarlosChavarriaHughes / API_Hacienda

API for communication with Hacienda
https://crlibre.org/qa/
GNU Affero General Public License v3.0

* Update phpMailer to 6.0.6 * _Security Risk_ #36

Closed JeanCarlosChavarriaHughes closed 3 years ago

JeanCarlosChavarriaHughes commented 4 years ago

Remediation

Upgrade phpmailer/phpmailer to version 6.0.6 or later. For example:

```json
"require": {
    "phpmailer/phpmailer": "6.0.6"
}
```

Always verify the validity and compatibility of suggestions with your codebase.

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by blocking the use of paths containing URL-protocol style prefixes such as phar://. Reported by Sehun Oh of cyberone.kr.
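A caller-side guard in the spirit of the mitigation described above, as an added example that is not PHPMailer's or this repository's code. It rejects scheme-prefixed paths and confines attachments to one directory; `safeAttachmentPath()`, the temporary directory and the file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: safeAttachmentPath() is a hypothetical helper, not part of PHPMailer.
// It returns the canonical path when $path is a regular file under $baseDir, else null.
function safeAttachmentPath(string $path, string $baseDir): ?string
{
    // Reject URL-style scheme prefixes (phar://, php://, http://, ...) before any
    // filesystem function touches the string.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $path) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($path);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The resolved file must sit inside the allowed directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo data: a temporary directory holding one attachment.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$file = $dir . DIRECTORY_SEPARATOR . 'invoice.xml';
file_put_contents($file, '<invoice/>');

$cases = [
    $file,                                            // plain local path
    'phar://' . $file . '/inner.txt',                 // scheme prefix
    'PHAR://' . $file,                                // case variant of the prefix
    $dir . '/../' . basename($dir) . '/invoice.xml',  // resolves back inside $dir
    __FILE__,                                         // real file outside $dir
];
foreach ($cases as $candidate) {
    $safe = safeAttachmentPath($candidate, $dir);
    // With PHPMailer, $mail->addAttachment($safe) would be called only when $safe !== null.
    printf("%-9s %s\n", $safe === null ? 'rejected' : 'accepted', $candidate);
}

unlink($file);
rmdir($dir);
```

Run from a location outside the system temporary directory, the first and fourth candidates are accepted and the other three are rejected.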

ozkarchavez commented 4 years ago

Thank you very much, Don Juan Carlos

JeanCarlosChavarriaHughes commented 3 years ago

fixed here: https://github.com/JeanCarlosChavarriaHughes/API_Hacienda/commit/b7643e7327b9fd3855091f52350d27233d6f4ff7