GHSA-484f-743f-6jx2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-484f-743f-6jx2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-484f-743f-6jx2/GHSA-484f-743f-6jx2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-484f-743f-6jx2
- Aliases
- Published
- 2019-12-12T22:50:20Z
- Modified
- 2023-11-08T04:01:21.151645Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Object injection in cookie driver in phpfastcache
- Details
-
Impact
An possible object injection has been discovered in cookie driver prior 5.0.13 versions (of 5.x releases).
Patches
The issue has been addressed by enforcing JSON conversion when deserializing
Workarounds
If you can't fix it, use another driver such as "Files" (Filesystem)
References
Fixing release: https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
For more information
If you have any questions or comments about this advisory: * Open an issue in the issue tracker * Email us at security@geolim4.com
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T20:57:47Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-94" ] }- References
-
- https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
- https://nvd.nist.gov/vuln/detail/CVE-2019-16774
- https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4
- https://github.com/PHPSocialNetwork/phpfastcache
- https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
- https://github.com/advisories/GHSA-484f-743f-6jx2
Affected packages
Packagist / phpfastcache/phpfastcache
Package
- Name
- phpfastcache/phpfastcache
- Purl
- pkg:composer/phpfastcache/phpfastcache