GHSA-7h74-7vcw-4mwp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7h74-7vcw-4mwp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-7h74-7vcw-4mwp/GHSA-7h74-7vcw-4mwp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7h74-7vcw-4mwp
- Published
- 2024-05-17T22:32:12Z
- Modified
- 2024-05-17T22:32:12Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Insecure deserialize Vulnerability in FLOW3
- Details
-
Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.
To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-05-17T22:32:12Z" }- References
Affected packages
Packagist / neos/flow
Package
- Name
- neos/flow
- Purl
- pkg:composer/neos/flow