VulnerableCode Package Details - pkg:composer/typo3/phar-stream-wrapper@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-349d-w26k-mqfw Aliases: CVE-2019-11831 GHSA-xv7v-rf6g-xwrc	Moderately critical - Third-party libraries - SA-CORE-2019-007 The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.	3.1.1 Affected by 0 other vulnerabilities.
VCID-ddsb-8rn2-x7gb Aliases: 2019-05-08-1	Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.	3.1.1 Affected by 0 other vulnerabilities.
VCID-hsez-yx7s-uuhn Aliases: CVE-2019-11830 GHSA-3hxw-g85p-qgxm	PharStreamWrapper for Typo3 unsafe deserialization vulnerability PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.	3.1.1 Affected by 0 other vulnerabilities.
VCID-xvf6-5tjp-b7bu Aliases: 2019-05-08-2	Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.	3.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-349d-w26k-mqfw
Aliases:
CVE-2019-11831
GHSA-xv7v-rf6g-xwrc

Moderately critical - Third-party libraries - SA-CORE-2019-007 The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.

3.1.1
Affected by 0 other vulnerabilities.

VCID-ddsb-8rn2-x7gb
Aliases:
2019-05-08-1

Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.

3.1.1
Affected by 0 other vulnerabilities.

VCID-hsez-yx7s-uuhn
Aliases:
CVE-2019-11830
GHSA-3hxw-g85p-qgxm

PharStreamWrapper for Typo3 unsafe deserialization vulnerability PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.

3.1.1
Affected by 0 other vulnerabilities.

VCID-xvf6-5tjp-b7bu
Aliases:
2019-05-08-2

Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.

3.1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:55:51.366843+00:00	GitLab Importer	Affected by	VCID-hsez-yx7s-uuhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11830.yml	38.4.0
2026-04-16T21:31:46.608318+00:00	GitLab Importer	Affected by	VCID-349d-w26k-mqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11831.yml	38.4.0
2026-04-16T20:54:10.697760+00:00	GitLab Importer	Affected by	VCID-xvf6-5tjp-b7bu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-2.yml	38.4.0
2026-04-16T20:54:10.023780+00:00	GitLab Importer	Affected by	VCID-ddsb-8rn2-x7gb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-1.yml	38.4.0
2026-04-11T23:11:14.912655+00:00	GitLab Importer	Affected by	VCID-hsez-yx7s-uuhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11830.yml	38.3.0
2026-04-11T22:45:00.747201+00:00	GitLab Importer	Affected by	VCID-349d-w26k-mqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11831.yml	38.3.0
2026-04-11T22:05:07.358826+00:00	GitLab Importer	Affected by	VCID-xvf6-5tjp-b7bu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-2.yml	38.3.0
2026-04-11T22:05:06.474047+00:00	GitLab Importer	Affected by	VCID-ddsb-8rn2-x7gb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-1.yml	38.3.0
2026-04-02T23:19:43.443219+00:00	GitLab Importer	Affected by	VCID-hsez-yx7s-uuhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11830.yml	38.1.0
2026-04-02T22:54:57.892291+00:00	GitLab Importer	Affected by	VCID-349d-w26k-mqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11831.yml	38.1.0
2026-04-02T22:18:00.296424+00:00	GitLab Importer	Affected by	VCID-xvf6-5tjp-b7bu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-2.yml	38.1.0
2026-04-02T22:17:59.480696+00:00	GitLab Importer	Affected by	VCID-ddsb-8rn2-x7gb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-1.yml	38.1.0
2026-04-01T17:40:14.911103+00:00	GitLab Importer	Affected by	VCID-hsez-yx7s-uuhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11830.yml	38.0.0
2026-04-01T17:13:15.775452+00:00	GitLab Importer	Affected by	VCID-349d-w26k-mqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11831.yml	38.0.0
2026-04-01T16:35:40.715443+00:00	GitLab Importer	Affected by	VCID-xvf6-5tjp-b7bu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-2.yml	38.0.0
2026-04-01T16:35:39.708668+00:00	GitLab Importer	Affected by	VCID-ddsb-8rn2-x7gb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/2019-05-08-1.yml	38.0.0