php · pontedilana/php-weasyprint
Heads-up
pontedilana/php-weasyprint <= 2.5.1 arbitrary file deletion via temporaryFiles
What changed
A security advisory was published for pontedilana/php-weasyprint versions <= 2.5.1. The $temporaryFiles array on AbstractGenerator is a public property, and removeTemporaryFiles(), which runs on script shutdown, unlinks every path listed in it without checking that the path lies inside the generator's temporary folder. Anyone who can control the contents of that array can therefore make the process delete any file it has permission to remove. Patched in version 2.6.0.
Who it affects
All users of pontedilana/php-weasyprint versions <= 2.5.1. The flaw is only reachable if an attacker can influence the $temporaryFiles property, for example by getting attacker-controlled data into unserialize() or through another property-oriented programming (POP) gadget chain that ends in an AbstractGenerator instance being destroyed at shutdown. The damage is bounded by the filesystem permissions of the PHP process.
What to do today
Upgrade to version 2.6.0 or later, which restricts removeTemporaryFiles() to paths within the temporary folder. If you cannot upgrade immediately, review code paths that call unserialize() on untrusted input, since that is the vector the advisory names.
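The example below is an added illustration written for this page; it is not code from pontedilana/php-weasyprint and does not reproduce its actual classes. It models the pattern the advisory describes, a shutdown-style cleanup that unlinks every entry of a public array, next to a hardened version that resolves each path with realpath() and deletes it only if it sits under the temporary folder. The class name TempFileCleaner, the two method names, and the sandbox directory layout are all assumptions chosen for the demonstration; the "attacker" is simulated by round-tripping the object through serialize()/unserialize(), which is how a public property ends up under external control in a deserialization gadget.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from pontedilana/php-weasyprint.
// TempFileCleaner and its method names are assumptions for this example.
final class TempFileCleaner
{
    /** @var string[] Public, so unserialize() can populate it with any paths. */
    public array $temporaryFiles = [];

    public function __construct(private string $temporaryFolder) {}

    /** Vulnerable pattern: trusts every entry in $temporaryFiles. */
    public function removeTemporaryFilesUnsafe(): array
    {
        $removed = [];
        foreach ($this->temporaryFiles as $file) {
            if (is_file($file) && unlink($file)) {
                $removed[] = $file;
            }
        }
        return $removed;
    }

    /** Hardened pattern: delete only files that resolve inside the temp folder. */
    public function removeTemporaryFilesSafe(): array
    {
        $removed = [];
        $root = realpath($this->temporaryFolder);
        if ($root === false) {
            return $removed;
        }
        // Trailing separator so "/tmp/wp" does not match "/tmp/wp-other/file".
        $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

        foreach ($this->temporaryFiles as $file) {
            // realpath() collapses "..", "." and symlinks; false if the file is gone.
            $real = realpath((string) $file);
            if ($real === false || !is_file($real)) {
                continue;
            }
            if (!str_starts_with($real, $root)) {
                continue; // outside the temp folder: refuse to delete
            }
            if (unlink($real)) {
                $removed[] = $real;
            }
        }
        return $removed;
    }
}

// Throwaway sandbox under the system temp dir (constructed for the demo).
$sandbox    = sys_get_temp_dir() . '/weasyprint-demo-' . bin2hex(random_bytes(4));
$tempFolder = $sandbox . '/tmp';
mkdir($tempFolder, 0700, true);

$legit  = $tempFolder . '/render.html';   // a genuine temporary file
$victim = $sandbox . '/important.txt';    // lives outside the temp folder
file_put_contents($legit, '<p>hi</p>');
file_put_contents($victim, 'do not delete');

// Simulated attacker influence: a serialized object whose public array
// points at the victim directly and via "..", then unserialize() restores it.
$gadget = new TempFileCleaner($tempFolder);
$gadget->temporaryFiles = [$legit, $victim, $tempFolder . '/../important.txt'];
$cleaner = unserialize(serialize($gadget), ['allowed_classes' => [TempFileCleaner::class]]);

$removed = $cleaner->removeTemporaryFilesSafe();
echo "safe removed: " . implode(', ', $removed) . PHP_EOL;          // only render.html
echo "victim survives: " . var_export(file_exists($victim), true) . PHP_EOL; // true

file_put_contents($legit, '<p>hi</p>');
$cleaner->removeTemporaryFilesUnsafe();
echo "victim after unsafe cleanup: " . var_export(file_exists($victim), true) . PHP_EOL; // false

@unlink($victim); @unlink($legit); @rmdir($tempFolder); @rmdir($sandbox);
```

Two details matter in the hardened version: comparing against realpath() output on both sides, so traversal segments and symlinks cannot dodge the check, and appending a directory separator to the root before the prefix test, so a sibling directory that merely shares a name prefix with the temp folder is not treated as inside it.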