Craft Security Update Advisory (CVE-2024-56145)

Overview

An update has been released to address vulnerabilities in Craft. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-56145

  • Craft versions: 5.0.0-RC1 (inclusive) to 5.5.2 (exclusive)
  • Craft versions: 4.0.0-RC1 (inclusive) to 4.13.2 (exclusive)
  • Craft versions: 3.0.0 (inclusive) to 3.9.14 (exclusive)

Resolved Vulnerabilities

Remote code execution vulnerability when register_argc_argv is enabled (CVE-2024-56145)

Vulnerability Patches

Patches for the vulnerability have been made available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-56145

  • Craft version: 5.5.2
  • Craft version: 4.13.2
  • Craft version: 3.9.14
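
An exposure check built from the affected ranges and fixed versions listed in this advisory, as an added example that is not part of the original advisory or of Craft's own code. It assumes the installed version is read from the `craftcms/cms` entry of a Composer `composer.lock` and the setting from php.ini text; the function names and sample inputs are illustrative.

```python
import json
import re

# Ranges from the advisory: lower bound inclusive, upper bound (the fixed release) exclusive.
AFFECTED = [("5.0.0-RC1", "5.5.2"), ("4.0.0-RC1", "4.13.2"), ("3.0.0", "3.9.14")]

def version_key(v):
    """Sortable key for 'X.Y.Z' or 'X.Y.Z-RC1'; pre-releases rank below the final release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d*))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    pre = (1, "", 0) if m.group(4) is None else (0, m.group(4).lower(), int(m.group(5) or 0))
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), pre)

def is_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED)

def ini_flag(ini_text, name="register_argc_argv"):
    """True/False from the last uncommented assignment of `name`; None if it is never set."""
    value = None
    for line in ini_text.splitlines():
        m = re.fullmatch(rf'{re.escape(name)}\s*=\s*"?(\w+)"?', line.split(";", 1)[0].strip())
        if m:
            value = m.group(1).lower() in ("1", "on", "true", "yes")
    return value

def assess(lock_json, ini_text):
    """Classify an install from its composer.lock and php.ini contents."""
    pkgs = json.loads(lock_json).get("packages", [])
    version = next((p["version"] for p in pkgs if p.get("name") == "craftcms/cms"), None)
    if version is None:
        return "craft-not-found"
    if not is_affected(version):
        return "not-affected"
    flag = ini_flag(ini_text)
    if flag is None:
        return "affected-flag-unset"   # the built-in default applies; check phpinfo()
    return "affected-flag-on" if flag else "affected-flag-off"

# Constructed sample inputs (not taken from a real installation).
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "4.13.1"}]}'
SAMPLE_INI = "; constructed php.ini fragment\nregister_argc_argv = On\n"

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_INI))  # affected-flag-on
```

Pass the php.ini that the web SAPI actually loads, since the CLI and web SAPIs often read different files.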

 

 

Referenced Sites

[1] CVE-2024-56145 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-56145

[2] Potential RCE when PHP `register_argc_argv` config setting is enabled

https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9

[3] craftcms/ commit

https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3