Security Vulnerability Announcement: HTML_AJAX

Another vulnerability in the HTML_AJAX package has been found which potentially allows remote code execution.

An new release of the package is available which fixes this issue. One is strongly encouraged to upgrade to it by using:

$ pear upgrade HTML_AJAX-0.5.8

This issue is CVE-2017-5677. More details can be found in bug #21165.

Thanks to Egidio Romano who reported this issue.

This entry was posted in Security. Bookmark the permalink.