Home > Vulnerability Database > CVE-2024-34515

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-34515

Date: May 4, 2024

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().

Language: PHP

Severity Score

8.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34515

Url: https://github.com/spatie/image-optimizer/commit/89847b55fbb44b3bcde0283bff8cc5abb5e51b82

Url: https://github.com/spatie/image-optimizer/compare/1.7.2...1.7.3

Url: https://github.com/spatie/image-optimizer/pull/211

Url: https://github.com/spatie/image-optimizer/issues/210

Url: https://github.com/spatie/image-optimizer

Url: https://www.mend.io/vulnerability-database/CVE-2024-34515

Severity Score

8.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us