Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Remediation

References

CVE-2022-31628

Related Vulnerabilities

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.7)

WordPress Plugin Secure Copy Content Protection and Content Locking SQL Injection (2.6.6)

WordPress Plugin Search Meter CSV Injection (2.13.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35474)

Severity

Medium

Classification

CVE-2022-31628 CWE-835 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities