Candidate: CVE-2019-10774
PublicDate: 2019-12-30 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10774
 https://snyk.io/vuln/SNYK-PHP-MIKEHAERTLPHPSHELLCOMMAND-538426
Description:
 php-shellcommand versions before 1.6.1 have a command injection
 vulnerability. Successful exploitation could lead to arbitrary code
 execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/mikehaertl/php-shellcommand/issues/44
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_php-shellcommand:
 upstream: https://github.com/mikehaertl/php-shellcommand/commit/8d98d8536e05abafe76a491da87296d824939076
upstream_php-shellcommand: released (1.6.1)
precise/esm_php-shellcommand: DNE
trusty_php-shellcommand: ignored (out of standard support)
trusty/esm_php-shellcommand: DNE
xenial_php-shellcommand: DNE
bionic_php-shellcommand: DNE
disco_php-shellcommand: DNE
eoan_php-shellcommand: DNE
devel_php-shellcommand: not-affected (1.6.1-1)