Commit d1aeb4e

Security release
1 parent 495a3fb commit d1aeb4e

File tree

1 file changed

+19
-0
lines changed


CHANGELOG.md

+19
@@ -15,6 +15,25 @@ Updates should follow the [Keep a CHANGELOG](http://keepachangelog.com/) princip
1515
- NaN
1616

1717

18+
## [5.3.0] - Security patch - 2023-06-20
19+
### Fixed
20+
- Potential RCE through path traversal fixed #414 (special thanks @angelej)
21+
22+
### Security Impact and Mitigation
23+
Impacted are all versions below v5.3.0.
24+
If possible, update to >= v5.3.0 as soon as possible. Impacted was the `Attachment::save`
25+
method which could be used to write files to the local filesystem. The path was not
26+
properly sanitized and could be used to write files to arbitrary locations.
27+
28+
However, the `Attachment::save` method is not used by default and has to be called
29+
manually. If you are using this method without providing a sanitized path, you are
30+
affected by this vulnerability.
31+
If you are not using this method or are providing a sanitized path, you are not affected
32+
by this vulnerability and no immediate action is required.
33+
34+
If you have any questions, please feel to join this issue: https://github.com/Webklex/php-imap/issues/416
35+
36+
1837
## [5.2.0] - 2023-04-11
1938
### Fixed
2039
- Use all available methods to detect the attachment extension instead of just one
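Review bot: the sentence at new line 34, "please feel to join this issue", is missing a word; suggest "please feel free to join the discussion in this issue: https://github.com/Webklex/php-imap/issues/416". Also note that this commit touches only CHANGELOG.md, so the code change for #414 listed under "### Fixed" is not part of this diff; the "Security Impact and Mitigation" text would be more useful to readers if it stated what sanitization `Attachment::save` now applies to the path, so users can check whether their own callers still need to pass a sanitized path. Minor wording: "Impacted are all versions below v5.3.0." reads more naturally as "All versions below v5.3.0 are affected."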
