As you know, D2 runs monthly vulnerability scans to detect potential security weaknesses within our partners’ networks. During these scans, we monitor for recurring issues that occur across multiple members of our community. One such issue we’ve recently discovered is the use of unsupported PHP versions.
During our scans, we have detected partners using the following insecure versions of PHP:
• Versions prior to 7.1.33
• Version 7.2.x before 7.2.24
• Version 7.3.x before 7.3.11
These outdated PHP versions are affected by a remote code execution vulnerability that could allow an attacker to gain control of your network. An unauthenticated user could exploit this security weakness by sending a specially crafted request to run arbitrary code on your system. This would allow the attacker to perform a denial of service attack or obtain sensitive information from the server or network.
At this time, we are advising all D2 community members to upgrade to PHP version 7.3.11 or later to resolve this issue.
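One way to check a version string or server banner against the ranges listed above (an added example, not D2's scanner; the function name `php_advisory_status` and its status labels are hypothetical, and the sample inventory is constructed):

```shell
#!/bin/sh
# Added example: classify a PHP version string against this advisory's ranges.
# php_advisory_status and its status labels are hypothetical names.

php_advisory_status() {
    # Take the first x.y.z found, so "PHP/7.2.19" and "7.3.9-1+deb" both parse.
    ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unparsed"
    else
        printf '%s\n' "$ver" | awk -F. '{
            key = $1 * 1000000 + $2 * 1000 + $3
            if (key < 7001033)                      s = "affected"   # prior to 7.1.33
            else if ($1 == 7 && $2 == 2 && $3 < 24) s = "affected"   # 7.2.x before 7.2.24
            else if ($1 == 7 && $2 == 3 && $3 < 11) s = "affected"   # 7.3.x before 7.3.11
            else if (key < 7003011)                 s = "below-recommended"
            else                                    s = "ok"         # 7.3.11 or later
            print s
        }'
    fi
}

# Constructed sample inventory: host name and the PHP banner it reported.
while read -r host banner; do
    printf '%-8s %-28s %s\n' "$host" "$banner" "$(php_advisory_status "$banner")"
done <<'EOF'
web01 PHP/7.1.32
web02 PHP/7.2.24-0ubuntu0.18.04.1
web03 7.3.9
web04 PHP/7.3.11
web05 unknown
EOF

# Check the PHP CLI on this host, if one is installed.
if command -v php >/dev/null 2>&1; then
    echo "local: $(php_advisory_status "$(php -r 'echo PHP_VERSION;' 2>/dev/null)")"
fi
```

`below-recommended` marks versions outside the listed ranges but older than the 7.3.11 upgrade target. Distribution packages sometimes backport fixes without changing the upstream version number, so an `affected` result on a packaged build is a prompt to check the vendor's changelog.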