GHSA-m2hp-5x78-74mg – typo3/flow

Package

Manager: composer
Name: typo3/flow
Vulnerable Version: >=1.0.0 <1.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Insecure Unserialize Vulnerability in FLOW3 Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

Metadata

Created: 2024-06-05T20:47:07Z
Modified: 2024-06-05T20:47:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-m2hp-5x78-74mg/GHSA-m2hp-5x78-74mg.json
CWE IDs: []
Alternative ID: N/A
Finding: F096
Auto approve: 1