Author Topic: Critical PHP Flaw  (Read 373 times)

mcarter01

  • EA Novice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Critical PHP Flaw
« on: June 10, 2024, 09:02:46 pm »
On June 6, 2024, PHP released:

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability

which augmented CVE-2012-1823. The recommended fix is to incorporate PHP 8.3.8, 8.2.20, and 8.1.29. Has Sparx upgraded WebEA to meet this CVE?

Geert Bellekens

  • EA Guru
  • *****
  • Posts: 12995
  • Karma: +544/-33
  • Make EA work for YOU!
    • View Profile
    • Enterprise Architect Consultant and Value Added Reseller
Re: Critical PHP Flaw
« Reply #1 on: June 10, 2024, 09:52:31 pm »
I hope you also asked Sparx?

Remember, this is a user forum so you are basically asking your fellow users.

Geert

Eve

  • EA Administrator
  • EA Guru
  • *****
  • Posts: 8018
  • Karma: +118/-20
    • View Profile
Re: Critical PHP Flaw
« Reply #2 on: June 11, 2024, 08:57:56 am »
https://sparxsystems.com/enterprise_architect_user_guide/16.1/the_model_repository/webea_website.html
WebEA can run on 8 or later. Generally speaking you are responsible for the environment. (If you have SaaS then I don't know the answer.)