{"id":"CVE-2018-11756","details":"In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.","modified":"2026-04-10T04:04:40.293239Z","published":"2018-07-23T17:29:00.243Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32eae6ea211bc0dc%40%3Cdev.openwhisk.apache.org%3E"},{"type":"ADVISORY","url":"https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.pdf"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104915"},{"type":"FIX","url":"https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ee4b7b695929b628d560e0dad1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/openwhisk-runtime-php","events":[{"introduced":"0"},{"fixed":"6caf902f527250ee4b7b695929b628d560e0dad1"}]},{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"fixed":"faa91c556864bf06779a0bb05bbf97ad72a034fb"},{"introduced":"0"},{"fixed":"83fc7fc84fc2b439da0cc4e08cb511d9753dbcca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.1"},{"introduced":"0"},{"fixed":"1.0.2"}]}}],"versions":["7.1@1.0.0","7.1@1.0.1","7.1@latest","7.2@1.0.0","7.2@latest"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11756.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}