contao/core PHP object injection vulnerability allows for arbitrary code execution
High severity
GitHub Reviewed
Published
May 15, 2024
to the GitHub Advisory Database
•
Updated May 15, 2024
Package
Affected versions
>= 2.0.0, < 2.11.14
>= 3.0.0, < 3.2.5
Patched versions
2.11.14
3.2.5
Description
Published to the GitHub Advisory Database
May 15, 2024
Reviewed
May 15, 2024
Last updated
May 15, 2024
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to
deserialize()
function.References