CVE-2018-11756
Summary
| CVE | CVE-2018-11756 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-23 17:29:00 UTC |
| Updated | 2023-11-07 02:51:00 UTC |
| Description | In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Apache Mail Archives | MLIST | lists.apache.org | Mailing List, Mitigation, Patch, Vendor Advisory |
| Update tests to pick up upstream changes. · apache/openwhisk-runtime-php@6caf902 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Apache Mail Archives | lists.apache.org | ||
| Cloud Workload Protection Platform | Prisma - Palo Alto Networks | MISC | www.puresec.io | Mitigation, Technical Description, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.