CVE-2019-11831: Directory Traversal in typo3/phar-stream-wrapper
CVSS Score: 9.8 (CVSS v3.1)
Basic Information
CVE ID: CVE-2019-11831
GHSA ID
EPSS Score: 0.39974%
CWE: CWE-22 (Path Traversal)
Published: 9/30/2021
Updated: 2/6/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/phar-stream-wrapper | composer | >= 2.0.0, < 2.1.1 | 2.1.1 |
| typo3/phar-stream-wrapper | composer | >= 3.0.0, < 3.1.1 | 3.1.1 |
| drupal/core | composer | >= 7.0.0, < 7.67.0 | 7.67.0 |
| drupal/core | composer | >= 8.0.0, < 8.6.16 | 8.6.16 |
| drupal/core | composer | >= 8.7.0, < 8.7.1 | 8.7.1 |
| drupal/drupal | composer | >= 7.0.0, < 7.67.0 | 7.67.0 |
| drupal/drupal | composer | >= 8.0.0, < 8.6.16 | 8.6.16 |
| drupal/drupal | composer | >= 8.7.0, < 8.7.1 | 8.7.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper path handling in the PharStreamWrapper's Helper class. The TYPO3 advisory explicitly cites an example in which 'phar:///path/bad.phar/../good.phar' is incorrectly resolved to '/path/good.phar', which bypasses the wrapper's checks. The determineBaseFile() and getCanonicalPath() functions are directly responsible for resolving and canonicalizing the path. The patches in versions 2.1.1 and 3.1.1 changed these functions, confirming their role in the vulnerability. The CWE-22 (Path Traversal) mapping matches the flawed path-resolution mechanism.
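Added illustration, not the library's code and not its actual patch: a simplified model of the two operations named above, showing why canonicalizing the path before locating the archive lets 'phar:///path/bad.phar/../good.phar' pass an allow-list check for good.phar, and how locating the archive on the raw path first avoids that. The filesystem contents, the allow-list and all function names are constructed for this example.

```php
<?php
// Constructed filesystem: only these files exist; only good.phar is allow-listed.
const EXISTING_FILES = ['/path/bad.phar', '/path/good.phar'];
const ALLOWED_ARCHIVES = ['/path/good.phar'];
// Collapse "." and ".." segments lexically, the way a path canonicalizer does.
function canonicalize(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '..') {
            array_pop($out);
        } elseif ($segment !== '' && $segment !== '.') {
            $out[] = $segment;
        }
    }
    return '/' . implode('/', $out);
}

// Archive = longest leading prefix that is an existing file (string lookup stands in for is_file()).
function findBaseFile(string $path): ?string
{
    $parts = explode('/', $path);
    while ($parts !== []) {
        $candidate = implode('/', $parts);
        if (in_array($candidate, EXISTING_FILES, true)) {
            return $candidate;
        }
        array_pop($parts);
    }
    return null;
}
// Vulnerable order: canonicalize first, so "bad.phar/.." collapses away before the
// archive is located, and good.phar is what the allow-list check sees.
function baseFileVulnerable(string $pharUrl): ?string
{
    return findBaseFile(canonicalize(substr($pharUrl, strlen('phar://'))));
}
// Hardened order: locate the archive in the raw path, canonicalize only the result.
function baseFileHardened(string $pharUrl): ?string
{
    $base = findBaseFile(substr($pharUrl, strlen('phar://')));
    return $base === null ? null : canonicalize($base);
}

$url = 'phar:///path/bad.phar/../good.phar';
foreach (['vulnerable' => baseFileVulnerable($url), 'hardened' => baseFileHardened($url)] as $mode => $base) {
    $allowed = $base !== null && in_array($base, ALLOWED_ARCHIVES, true);
    printf("%-10s archive=%s -> %s\n", $mode, $base ?? 'none', $allowed ? 'ALLOWED' : 'BLOCKED');
}
```

Run with `php example.php`: the vulnerable order reports /path/good.phar as the archive and allows the access, while the hardened order reports /path/bad.phar and blocks it.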