CNNVD-202510-021 Information
CNNVD ID
CNNVD-202510-021
Related CVE
- CNNVD Published: 2025-10-01
Description (Chinese)
Auth0-PHP是Auth0开源的一个用于Auth0身份验证和管理API的PHP SDK。 Auth0-PHP 3.3.0版本至8.16.0版本存在安全漏洞,该漏洞源于未验证文件路径包装器或值,可能导致接受任意文件路径或URL。
Description (English)
Auth0-PHP is a PHP SDK for Auth0 identification and management of API. There is a security loophole between versions Auth0-PHP 3.3.0 to 8.16.0, which stems from unverified file path packagings or values that may lead to acceptance of any file path or URL.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Auth0
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/auth0/auth0-PHP/commit/9026da58f5c381cd4cb5932de829eff6eacbb65c https://github.com/auth0/auth0-PHP/releases/tag/8.17.0 https://github.com/auth0/auth0-PHP/security/advisories/GHSA-9mh6-g99m-ppcw https://github.com/auth0/laravel-auth0/security/advisories/GHSA-hjfh-5jmm-xr24 https://github.com/auth0/symfony/security/advisories/GHSA-7jp2-5h22-m432 https://github.com/auth0/wordpress/security/advisories/GHSA-w22c-pw5m-482x
Patch
https://github.com/auth0/auth0-PHP/releases
Share on: