Lucene search
PRIOn knowledge basePRION:CVE-2019-11830HistoryMay 09, 2019 - 4:29 a.m.
Deserialization of untrusted data
2019-05-0904:29:00
PRIOn knowledge base
www.prio-n.com
11
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pharstreamwrapper | ge | 2.0.0 | |
| pharstreamwrapper | lt | 2.1.1 | |
| pharstreamwrapper | ge | 3.0.0 | |
| pharstreamwrapper | lt | 3.1.1 |
References
github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
lists.fedoraproject.org/archives/list/[email protected]/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
lists.fedoraproject.org/archives/list/[email protected]/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
lists.fedoraproject.org/archives/list/[email protected]/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
typo3.org/security/advisory/typo3-psa-2019-008/
Related
cve
cve
CVE-2019-11830
2019-05-09 04:29:00
github
github
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
2022-05-24 16:45:24
friendsofphp
friendsofphp
By-passing Protection of PharStreamWrapper Interceptor
2019-05-06 14:40:00
typo3
typo3
By-passing protection of Phar Stream Wrapper Interceptor
2019-05-08 00:00:00
cvelist
cvelist
CVE-2019-11830
2019-05-09 03:51:50
nvd
nvd
CVE-2019-11830
2019-05-09 04:29:00
osv
osv
CVE-2019-11830
2019-05-09 04:29:00
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
2022-05-24 16:45:24
openvas
openvas
Fedora Update for php-typo3-phar-stream-wrapper FEDORA-2019-3c89837025
2019-05-17 00:00:00
Fedora Update for php-brumann-polyfill-unserialize FEDORA-2019-af7bef7165
2019-06-29 00:00:00
Fedora Update for php-typo3-phar-stream-wrapper2 FEDORA-2019-a8121923d5
2019-06-27 00:00:00
nessus
nessus
fedora
fedora
[SECURITY] Fedora 29 Update: php-brumann-polyfill-unserialize-1.0.3-1.fc29
2019-06-28 05:21:23
[SECURITY] Fedora 28 Update: php-typo3-phar-stream-wrapper-3.1.1-1.fc28
2019-05-17 01:18:50
[SECURITY] Fedora 30 Update: php-typo3-phar-stream-wrapper2-2.1.2-1.fc30
2019-06-27 00:55:35