GHSA-wq43-8r5p-w3mc: contao/core PHP object injection vulnerability allows for arbitrary code execution
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize() function.
References
- contao.org/en/news/major-security-hole-found-in-contao.html
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
- github.com/advisories/GHSA-wq43-8r5p-w3mc
- github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
- github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
- github.com/contao/core/issues/6695
Code Behaviors & Features
Detect and mitigate GHSA-wq43-8r5p-w3mc with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →