Headline

GHSA-m2hp-5x78-74mg: Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

5 months ago

ghsa

Open in Source

#vulnerability #mac #git #php

Package

composer typo3/flow (Composer)

Affected versions

>= 1.0.0, < 1.0.4

Patched versions

1.0.4

Description

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

References

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2012-03-28.yaml
https://www.neos.io/blog/flow-sa-2012-001.html

Published to the GitHub Advisory Database

Jun 5, 2024

Reviewed

Jun 5, 2024

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 day ago

ghsa

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 day ago

ghsa

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 day ago

ghsa

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

1 day ago

ghsa

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

1 day ago

ghsa