Vulnerability DatabaseCVE-2021-37704
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2021-37704
August 12, 2021
PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.
Affected Packages
https://github.com/phpsocialnetwork/phpfastcache.git (GITHUB):
Affected version(s) >=7.0.0-alpha <7.1.2
Fix Suggestion:
Update to version 7.1.2
https://github.com/phpsocialnetwork/phpfastcache.git (GITHUB):
Affected version(s) >=8.0.0-alpha <8.0.7
Fix Suggestion:
Update to version 8.0.7
phpfastcache/phpfastcache (PHP):
Affected version(s) >=7.0.0 <7.1.2
Fix Suggestion:
Update to version 7.1.2
phpfastcache/phpfastcache (PHP):
Affected version(s) >=8.0.0 <8.0.7
Fix Suggestion:
Update to version 8.0.7
phpfastcache/phpfastcache (PHP):
Affected version(s) >=dev-fix/copyright-header-typo <6.1.5
Fix Suggestion:
Update to version 6.1.5
Additional Notes
The description of this vulnerability differs from MITRE.
Related Resources (9)
https://nvd.nist.gov/vuln/detail/CVE-2021-37704
https://github.com/flextype/flextype/issues/567
https://github.com/PHPSocialNetwork/phpfastcache/pull/814
https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51
https://packagist.org/packages/phpfastcache/phpfastcache
https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
https://github.com/PHPSocialNetwork/phpfastcache/pull/815
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW
CVSS v2
Base Score:
4
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
Exposure of Resource to Wrong Sphere
CWE-668
EPSS
Base Score:
53.14