verot / class.upload.php

This PHP class uploads files and manipulates images very easily. It is in fact as much an image processing class as it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, and files sent through XMLHttpRequest.
http://www.verot.net/php_class_upload.htm
GNU General Public License v2.0
853 stars 359 forks

Vulnerability found in dependency: CVE-2023-6551 5.4 Unrestricted Upload of File with Dangerous Type vulnerability with Medium severity found #185

Closed ThomasDev-de closed 4 months ago

ThomasDev-de commented 4 months ago

Hello,

I'm getting a security warning in my composer.json (see title). I am using:

"verot/class.upload.php": "2.1.6",
Development: PhpStorm 2024.1.1

Is the gap known or even wrong by mistake?

verot commented 4 months ago

What do you mean by "gap"? There has been a CVE in 2023, which resulted in more information added to the README.md file. The CVE doesn't describe a bug, but is more a warning about using the class securely.

ThomasDev-de commented 4 months ago

By gap I meant the security warning from my development environment.

Thank you for the information, I will simply ignore the message. I really like using the class :)

verot commented 4 months ago

Thank you!