Deserialization of untrusted data from the mimes parameter could lead to remote code execution.
Fixed in 3.0.9.
Not needed, a composer update will solve it in a non-breaking way.
Reported responsibly by Vladislav Gladkiy at Positive Technologies.
{ "nvd_published_at": "2024-11-13T16:15:20Z", "cwe_ids": [ "CWE-502" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-11-13T18:43:02Z" }