CVE-2020-15227

Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Reported by Cyku Hong from DEVCORE (https://devco.re) ### Impact Code injection, possible remote code execution. ### Patches Fixed in nette/application 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette 2.0.19 and 2.1.13

Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Reported by Cyku Hong from DEVCORE (https://devco.re) ### Impact Code injection, possible remote code execution. ### Patches Fixed in nette/application 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette 2.0.19 and 2.1.13

Nette versiones anteriores a 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 son vulnerables a un ataque de inyección de código al pasar parámetros especialmente formados hacia la URL que puede posiblemente conllevar a RCE. Nette es un Framework MVC de PHP/Composer