You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Impacted are all versions below v5.3.0.
If possible, update to >= v5.3.0 as soon as possible. Impacted was the Attachment::save
method which could be used to write files to the local filesystem. The path was not
properly sanitized and could be used to write files to arbitrary locations.
However, the Attachment::save method is not used by default and has to be called
manually. If you are using this method without providing a sanitized path, you are
affected by this vulnerability.
If you are not using this method or are providing a sanitized path, you are not affected
by this vulnerability and no immediate action is required.
Impacted are all versions below v5.3.0.
If possible, update to >= v5.3.0 as soon as possible. Impacted was the
Attachment::savemethod which could be used to write files to the local filesystem. The path was not
properly sanitized and could be used to write files to arbitrary locations.
However, the
Attachment::savemethod is not used by default and has to be calledmanually. If you are using this method without providing a sanitized path, you are
affected by this vulnerability.
If you are not using this method or are providing a sanitized path, you are not affected
by this vulnerability and no immediate action is required.
Timeline
If you have any questions or comments, please leave them below.
Thank you all and thank you @angelej for your fantastic help :)