GHSA-m2hp-5x78-74mg: Insecure Unserialize Vulnerability in FLOW3

Package

composer typo3/flow (Composer)

Affected versions

>= 1.0.0, < 1.0.4

Patched versions

1.0.4

Description

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.
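
The mitigation pattern the description points to, signing a serialized request argument and verifying the HMAC before unserializing it, as an added PHP example. It is not FLOW3's code; the function names, the payload-plus-tag format and the key handling are assumptions.

```php
<?php
// Added illustration: hypothetical helper names and value format, not FLOW3's implementation.

const HMAC_HEX_LENGTH = 64; // length of a hex-encoded HMAC-SHA256 tag

/** Serialize a value and append an HMAC so the server can later prove it issued it. */
function signArgument($value, string $key): string
{
    $payload = base64_encode(serialize($value));
    return $payload . hash_hmac('sha256', $payload, $key);
}

/** Verify the HMAC first; only an authentic payload ever reaches unserialize(). */
function verifyAndUnserialize(string $argument, string $key)
{
    if (strlen($argument) <= HMAC_HEX_LENGTH) {
        throw new InvalidArgumentException('Argument too short to carry an HMAC');
    }
    $payload  = substr($argument, 0, -HMAC_HEX_LENGTH);
    $tag      = substr($argument, -HMAC_HEX_LENGTH);
    $expected = hash_hmac('sha256', $payload, $key);
    // hash_equals() compares in constant time.
    if (!hash_equals($expected, $tag)) {
        throw new RuntimeException('HMAC mismatch: argument was not issued by this application');
    }
    $serialized = base64_decode($payload, true);
    if ($serialized === false) {
        throw new RuntimeException('Payload is not valid base64');
    }
    // Defence in depth: do not instantiate any class, even from signed data.
    return unserialize($serialized, ['allowed_classes' => false]);
}

// Constructed sample data.
$key    = random_bytes(32); // per-installation secret, kept server-side
$signed = signArgument(['page' => 2, 'sort' => 'title'], $key);
var_dump(verifyAndUnserialize($signed, $key)); // round-trips the array

// Change one character of the payload, as a client-side modification would.
$tampered = ($signed[0] === 'A' ? 'B' : 'A') . substr($signed, 1);
try {
    verifyAndUnserialize($tampered, $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the tag is checked before `unserialize()` is called, a modified argument is rejected without any object being constructed, which is the property the missing HMAC failed to provide.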

References

  • https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2012-03-28.yaml
  • https://www.neos.io/blog/flow-sa-2012-001.html

Published to the GitHub Advisory Database

Jun 5, 2024

Reviewed

Jun 5, 2024
