{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6caf902f527250ee4b7b695929b628d560e0dad1" } ], "repo": "https://github.com/apache/openwhisk-runtime-php", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "1.0.1" }, { "introduced": "0" }, { "fixed": "1.0.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "faa91c556864bf06779a0bb05bbf97ad72a034fb" }, { "introduced": "0" }, { "fixed": "83fc7fc84fc2b439da0cc4e08cb511d9753dbcca" } ], "repo": "https://github.com/php/php-src", "type": "GIT" } ] } ], "details": "In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.", "id": "CVE-2018-11756", "modified": "2026-04-01T23:10:19.656229370Z", "published": "2018-07-23T17:29:00.243Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32eae6ea211bc0dc%40%3Cdev.openwhisk.apache.org%3E" }, { "type": "ADVISORY", "url": "https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.pdf" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/104915" }, { "type": "FIX", "url": "https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ee4b7b695929b628d560e0dad1" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }