GHSA-m2hp-5x78-74mg

Опубликовано: 05 июн. 2024

Источник: github

Github: Прошло ревью

Описание

Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

Ссылки

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2012-03-28.yaml
https://www.neos.io/blog/flow-sa-2012-001.html

Пакеты

Наименование

typo3/flow

composer

Затронутые версииВерсия исправления

>= 1.0.0, < 1.0.4

1.0.4