1
Candidate: CVE-2017-9841
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9841
5
http://phpunit.vulnbusters.com/
6
https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
7
https://github.com/sebastianbergmann/phpunit/pull/1956
9
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3
10
allows remote attackers to execute arbitrary PHP code via HTTP POST data
11
beginning with a "<?php " substring, as demonstrated by an attack on a site
12
with an exposed /vendor folder, i.e., external access to the
13
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
22
upstream_phpunit: needs-triage
23
precise/esm_phpunit: DNE
24
trusty_phpunit: not-affected (code not present)
25
vivid/ubuntu-core_phpunit: DNE
26
xenial_phpunit: needed
27
yakkety_phpunit: ignored (reached end-of-life)
28
zesty_phpunit: ignored (reached end-of-life)
29
artful_phpunit: needed
30
bionic_phpunit: needed