Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pharstreamwrapper
(Typo3)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-09 | CVE-2019-11830 | PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | Pharstreamwrapper | 9.8 | ||
| 2019-05-09 | CVE-2019-11831 | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | Debian_linux, Drupal, Fedora, Joomla\!, Pharstreamwrapper | 9.8 |