9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields to GLPI item forms. Prior to version 1.23.3, users who are allowed to create dropdowns can execute arbitrary PHP code. This issue has been patched in version 1.23.3.
References
- https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7 x_refsource_CONFIRM
- https://github.com/pluginsGLPI/fields/releases/tag/1.23.3 x_refsource_MISC
Affected products
- < 1.23.3
Matching in nixpkgs
pkgs.ocamlPackages.csvfields
Runtime support for ppx_xml_conv and ppx_csv_conv
pkgs.ocamlPackages.fieldslib
Syntax extension to define first class values representing record fields, to get and set record fields, iterate and fold over all fields of a record and create new record values
pkgs.python312Packages.fields
Container class boilerplate killer
pkgs.python313Packages.fields
Container class boilerplate killer
pkgs.python314Packages.fields
Container class boilerplate killer
pkgs.haskellPackages.fields-json
Abusing monadic syntax JSON objects generation
pkgs.ocamlPackages.ppx_fields_conv
Generation of accessor and iteration functions for ocaml records
pkgs.ocamlPackages.ppx_typed_fields
GADT-based field accessors and utilities
pkgs.ocamlPackages_latest.csvfields
Runtime support for ppx_xml_conv and ppx_csv_conv
pkgs.ocamlPackages_latest.fieldslib
Syntax extension to define first class values representing record fields, to get and set record fields, iterate and fold over all fields of a record and create new record values
pkgs.python312Packages.drf-flex-fields
Dynamically set fields and expand nested resources in Django REST Framework serializers
pkgs.python313Packages.drf-flex-fields
Dynamically set fields and expand nested resources in Django REST Framework serializers
pkgs.python314Packages.drf-flex-fields
Dynamically set fields and expand nested resources in Django REST Framework serializers
pkgs.ocamlPackages.janeStreet.csvfields
Runtime support for ppx_xml_conv and ppx_csv_conv
pkgs.ocamlPackages.janeStreet.fieldslib
Syntax extension to define first class values representing record fields, to get and set record fields, iterate and fold over all fields of a record and create new record values
pkgs.python312Packages.drf-extra-fields
Extra Fields for Django Rest Framework
pkgs.python313Packages.drf-extra-fields
Extra Fields for Django Rest Framework
pkgs.python314Packages.drf-extra-fields
Extra Fields for Django Rest Framework
pkgs.ocamlPackages_latest.ppx_fields_conv
Generation of accessor and iteration functions for ocaml records
pkgs.ocamlPackages_latest.ppx_typed_fields
GADT-based field accessors and utilities
pkgs.ocamlPackages.janeStreet.ppx_fields_conv
Generation of accessor and iteration functions for ocaml records
pkgs.ocamlPackages.janeStreet.ppx_typed_fields
GADT-based field accessors and utilities
pkgs.ocamlPackages_latest.janeStreet.csvfields
Runtime support for ppx_xml_conv and ppx_csv_conv
pkgs.ocamlPackages_latest.janeStreet.fieldslib
Syntax extension to define first class values representing record fields, to get and set record fields, iterate and fold over all fields of a record and create new record values
pkgs.python312Packages.django-postgresql-netfields
Django PostgreSQL netfields implementation
pkgs.python313Packages.django-postgresql-netfields
Django PostgreSQL netfields implementation
pkgs.python314Packages.django-postgresql-netfields
Django PostgreSQL netfields implementation
pkgs.ocamlPackages_latest.janeStreet.ppx_fields_conv
Generation of accessor and iteration functions for ocaml records
pkgs.python312Packages.django-encrypted-model-fields
Set of fields that wrap standard Django fields with encryption provided by the python cryptography library
pkgs.python313Packages.django-encrypted-model-fields
Set of fields that wrap standard Django fields with encryption provided by the python cryptography library
pkgs.python314Packages.django-encrypted-model-fields
Set of fields that wrap standard Django fields with encryption provided by the python cryptography library
pkgs.ocamlPackages_latest.janeStreet.ppx_typed_fields
GADT-based field accessors and utilities
Package maintainers
- @centromere Alex Wied <nix@centromere.net>
- @felbinger Nico Felbinger <nico@felbinger.eu>
- @sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
- @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>