Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-3fpv-54ff-wqfj: Deserialization of Untrusted Data in topthink/framework

The package topthink/framework before version 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.

ghsa
#git

Deserialization of Untrusted Data in topthink/framework

Critical severity GitHub Reviewed Published May 7, 2022 • Updated May 24, 2022

Related news

CVE-2021-23592: Release V6.0.12 · top-think/framework

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.