DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CGA-hj27-vp72-6wxh

Published

Last updated

https://images.chainguard.dev/security/CGA-hj27-vp72-6wxh
Package

php-8.5

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2022-4455
  • GHSA-3957-4jhv-xcc7

Severity

6.1

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-4455
  • https://github.com/advisories/GHSA-3957-4jhv-xcc7

Updates

Status

Not affected

Justification

Component not present

Impact

CVE-2022-4455 affects the third-party 'sproctor/php-calendar' web application (https://github.com/sproctor/php-calendar), specifically an XSS vulnerability in the index.php file involving manipulation of $_SERVER['PHP_SELF']. The php-8.5-calendar subpackage is PHP's built-in calendar extension, which is a compiled binary library (calendar.so) that provides calendar conversion functions. The subpackage contains no PHP source files, no index.php file, no web application code, and no XSS vulnerability vectors. These are completely different software components with different codebases and zero code overlap.

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal