The security advisory explicitly names the Contao\Template::once() method as the location of the vulnerability, and analysis of the provided patches confirms this: the commits consistently modify the once() function across the affected branches of the contao/core-bundle repository. The vulnerability is a logical flaw in how once() memoises the callable it wraps: if the return value of the first execution was itself a callable (for example a closure, or a string naming a function), a later invocation of the wrapper would execute that return value instead of simply handing back the stored result. An attacker who can control the data within a template closure can leverage this to achieve remote code execution by making the template engine execute a system-level function. The patch mitigates this by introducing a $result variable that stores the output of the initial execution and then nullifying the callback, so that subsequent calls return $result and never call anything again. The identified vulnerable function, Contao\Template::once, is therefore the precise location of the flawed logic that was fixed.
Vulnerable function: Contao\Template::once (core-bundle/src/Resources/contao/library/Contao/Template.php)
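The following PHP snippet is an added illustration, not code from the Contao project or from the advisory. It reconstructs, in hypothetical form, the two shapes of a once() wrapper that the description above implies: a version that stores the callback's return value back into the callback reference (so a callable return value gets executed on the next call), and the patched shape that keeps the first output in $result and nulls the callback. The helper names onceVulnerable, onceFixed and the $probe callable are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not Contao's code. Both wrappers are hypothetical
// reconstructions of the once() pattern described in the advisory analysis.

// Vulnerable shape: the callback's return value overwrites the callback
// reference. If that value is itself callable (a Closure, or a string that
// names a function), the next call of the wrapper invokes it as well.
function onceVulnerable(callable $callback): Closure
{
    return static function () use (&$callback) {
        if (is_callable($callback)) {
            $callback = $callback();
        }

        return $callback;
    };
}

// Fixed shape, following the patch description: the first execution's output
// is kept in $result, the callback is set to null, and every later call only
// returns $result without invoking anything.
function onceFixed(callable $callback): Closure
{
    $result = null;

    return static function () use (&$callback, &$result) {
        if (null !== $callback) {
            $result = $callback();
            $callback = null;
        }

        return $result;
    };
}

// Constructed probe: a callable whose return value is another callable, with
// counters so we can see how many times each stage actually ran.
$stageRuns = ['outer' => 0, 'inner' => 0];
$probe = static function () use (&$stageRuns) {
    $stageRuns['outer']++;

    return static function () use (&$stageRuns) {
        $stageRuns['inner']++;

        return 'inner ran';
    };
};

foreach (['vulnerable' => 'onceVulnerable', 'fixed' => 'onceFixed'] as $label => $factory) {
    $stageRuns = ['outer' => 0, 'inner' => 0];
    $wrapped = $factory($probe);

    $wrapped(); // first render: the wrapped callable runs once in both versions
    $wrapped(); // second render: only the vulnerable wrapper executes the returned callable

    printf("%-10s outer=%d inner=%d\n", $label, $stageRuns['outer'], $stageRuns['inner']);
}
```

Running the script shows the difference the patch makes: with the vulnerable wrapper the inner counter is incremented on the second call, because the closure returned by the first execution is treated as the next thing to run, while the fixed wrapper leaves it at zero. The same mechanism applies when the first execution returns a string that names a function, which is why is_callable() on the stored value is the wrong check and a separate $result slot plus a nulled callback is the correct one.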
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| contao/core-bundle | composer | >= 4.0.0, < 4.13.57 | 4.13.57 |
| contao/core-bundle | composer | >= 5.0.0-RC1, < 5.3.42 | 5.3.42 |
| contao/core-bundle | composer | >= 5.4.0-RC1, < 5.6.5 | 5.6.5 |