GHSA-wq43-8r5p-w3mc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wq43-8r5p-w3mc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wq43-8r5p-w3mc/GHSA-wq43-8r5p-w3mc.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wq43-8r5p-w3mc
- Published
- 2024-05-15T18:31:04Z
- Modified
- 2024-11-29T05:40:08.403251Z
- Summary
- contao/core PHP object injection vulnerability allows for arbitrary code execution
- Details
-
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to
deserialize()function. - Database specific
{ "nvd_published_at": null, "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2024-05-15T18:31:04Z", "cwe_ids": [] }- References
-
- https://github.com/contao/core/issues/6695
- https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
- https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
- https://contao.org/en/news/major-security-hole-found-in-contao.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
Affected packages
Packagist / contao/core
Package
- Name
- contao/core
- Purl
- pkg:composer/contao/core
Affected versions
2.*
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.8.RC1
2.8.RC2
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.10.beta1
2.10.RC1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.RC1
2.11.RC2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.11.10
2.11.11
2.11.12
2.11.13
Packagist / contao/core
Package
- Name
- contao/core
- Purl
- pkg:composer/contao/core