Jump to content

PHP Remote execution CVE-2024-4577


Recommended Posts

Dear Unraid devs,

 

thanks for your hard work and continuos support and for the amazing product unraid is.

 

I know you are actually busy developing the next unraid version but as stated before by other community members would be nice to receive some updates regarding the base system for security reason.

 

I am on latest unraid version which according to PHP info ships PHP version 8.2.7 which is vulnerable to the CVE-2024-4577 according to the advisory.

There is an exploit on the wild already and a PoC, I haven't tested it myself. Could you please confirm unraid is vulnerable?

 

Could you please provide a system update to fix this and probably other vulnerable packages that are presents on the system while we wait for the next big major upgrade?

 

Thank you!

 

@ljm42

Link to comment
10 minutes ago, Mik3 said:

Dear Unraid devs,

 

thanks for your hard work and continuos support and for the amazing product unraid is.

 

I know you are actually busy developing the next unraid version but as stated before by other community members would be nice to receive some updates regarding the base system for security reason.

 

I am on latest unraid version which according to PHP info ships PHP version 8.2.7 which is vulnerable to the CVE-2024-4577 according to the advisory.

There is an exploit on the wild already and a PoC, I haven't tested it myself. Could you please confirm unraid is vulnerable?

 

Could you please provide a system update to fix this and probably other vulnerable packages that are presents on the system while we wait for the next big major upgrade?

 

Thank you!

 

@ljm42

Reading the CVE, this oly affects PHP running on Windows.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...