GHSA-7h74-7vcw-4mwp

Опубликовано: 17 мая 2024

Источник: github

Github: Прошло ревью

CVSS3: 3.7

Описание

Insecure deserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

Ссылки

https://github.com/FriendsOfPHP/security-advisories/blob/master/neos/flow/2012-03-28.yaml
https://www.neos.io/blog/flow-sa-2012-001.html

Пакеты

Наименование

neos/flow

composer

Затронутые версииВерсия исправления

>= 1.0.0, < 1.0.4

1.0.4

3.7 Low

CVSS3

3.7 Low

CVSS3