code injection in Wrapper::buildClientWrapperCode
via manipulation of the $client
argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-95" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-11-28T22:07:33Z" }