PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-09T03:51:50
Updated: 2019-05-17T04:06:02
Reserved: 2019-05-08T00:00:00
Link: CVE-2019-11830
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-09T04:29:00.770
Modified: 2023-11-07T03:03:16.883
Link: CVE-2019-11830
JSON object: View
Redhat Information
No data.
CWE