CVE-2018-11756
moderate-risk
Published 2018-07-23
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
Do I need to act?
~
2.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 6caf902f527250ee4b7b695929b628d560e0dad1, faa91c556864bf06779a0bb05bbf97ad72a034fb, 83fc7fc84fc2b439da0cc4e08cb511d9753dbcca
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Openwhisk
Affected Vendors
References (7)
Third Party Advisory
http://www.securityfocus.com/bid/104915
Third Party Advisory
http://www.securityfocus.com/bid/104915
42
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
5/34 · Minimal