Headline

GHSA-m2hp-5x78-74mg: Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

5 months ago

ghsa

Open in Source

#vulnerability #mac #git #php

Package

composer typo3/flow (Composer)

Affected versions

>= 1.0.0, < 1.0.4

Patched versions

1.0.4

Description

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

References

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2012-03-28.yaml
https://www.neos.io/blog/flow-sa-2012-001.html

Published to the GitHub Advisory Database

Jun 5, 2024

Reviewed

Jun 5, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

12 hours ago

ghsa

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

12 hours ago

ghsa

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

12 hours ago

ghsa

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

13 hours ago

ghsa

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

17 hours ago

ghsa