VulnerableCode Package Details - pkg:composer/typo3/phar-stream-wrapper@2.1.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2k3r-5khh-73c1	Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.	GMS-2019-193
VCID-65fd-rkt4-f3dq	Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.	GMS-2019-192
VCID-dhm4-6x68-bucz	PharStreamWrapper for Typo3 unsafe deserialization vulnerability PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.	CVE-2019-11830 GHSA-3hxw-g85p-qgxm
VCID-gmw7-aj3y-eqed	Directory Traversal in typo3/phar-stream-wrapper The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.	CVE-2019-11831 GHSA-xv7v-rf6g-xwrc

Vulnerability

Summary

Aliases

VCID-2k3r-5khh-73c1

Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.

GMS-2019-193

VCID-65fd-rkt4-f3dq

Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor.

GMS-2019-192

VCID-dhm4-6x68-bucz

PharStreamWrapper for Typo3 unsafe deserialization vulnerability PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.

CVE-2019-11830
GHSA-3hxw-g85p-qgxm

VCID-gmw7-aj3y-eqed

Directory Traversal in typo3/phar-stream-wrapper The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.

CVE-2019-11831
GHSA-xv7v-rf6g-xwrc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T17:31:12.254075+00:00	GitLab Importer	Fixing	VCID-gmw7-aj3y-eqed	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/CVE-2019-11831.yml	38.6.0
2026-05-29T17:30:47.154084+00:00	GitLab Importer	Fixing	VCID-2k3r-5khh-73c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/GMS-2019-193.yml	38.6.0
2026-05-29T17:30:47.131787+00:00	GitLab Importer	Fixing	VCID-65fd-rkt4-f3dq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/phar-stream-wrapper/GMS-2019-192.yml	38.6.0
2026-05-29T09:41:48.356411+00:00	GithubOSV Importer	Fixing	VCID-dhm4-6x68-bucz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hxw-g85p-qgxm/GHSA-3hxw-g85p-qgxm.json	38.6.0
2026-05-29T09:12:55.789888+00:00	GithubOSV Importer	Fixing	VCID-gmw7-aj3y-eqed	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-xv7v-rf6g-xwrc/GHSA-xv7v-rf6g-xwrc.json	38.6.0