Description
contao/core PHP object injection vulnerability allows for arbitrary code execution
A PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to the deserialize() function.
References
- https://github.com/contao/core/issues/6695
- https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
- https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
- https://contao.org/en/news/major-security-hole-found-in-contao.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
Packages
Name: contao/core (composer)
Affected versions: >= 2.0.0, < 2.11.14
Fixed version: 2.11.14
Name: contao/core (composer)
Affected versions: >= 3.0.0, < 3.2.5
Fixed version: 3.2.5