Jonathan Eskew

**Name of the Vulnerable Software and Affected Versions** Doctrine Annotations versions prior to 1.2.7 Cache versions prior to 1.3.2 and versions 1.4.x prior to 1.4.2 Common versions prior to 2.4.3 and versions 2.5.x prior to 2.5.1 ORM versions prior to 2.4.8 and versions 2.5.x prior to 2.5.1 MongoDB ODM versions prior to 1.0.2 MongoDB ODM Bundle versions prior to 3.0.1 **Description** The issue allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. This is due to the use of world-writable permissions for cache directories. **Recommendations** For Doctrine Annotations versions prior to 1.2.7, update to version 1.2.7 or later. For Cache versions prior to 1.3.2, update to version 1.3.2 or later. For Cache versions 1.4.x prior to 1.4.2, update to version 1.4.2 or later. For Common versions prior to 2.4.3, update to version 2.4.3 or later. For Common versions 2.5.x prior to 2.5.1, update to version 2.5.1 or later. For ORM versions prior to 2.4.8, update to version 2.4.8 or later. For ORM versions 2.5.x prior to 2.5.1, update to version 2.5.1 or later. For MongoDB ODM versions prior to 1.0.2, update to version 1.0.2 or later. For MongoDB ODM Bundle versions prior to 3.0.1, update to version 3.0.1 or later.