Search for packages
purl | pkg:composer/typo3/phar-stream-wrapper@3.1.1 |
Vulnerability | Summary | Fixed by |
---|---|---|
This package is not known to be affected by vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-26cb-xbap-nkaq | Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor. |
2019-05-08-1
|
VCID-2n1x-m9ww-nqcv | Insecure Deserialization By-passing Protection of `PharStreamWrapper` Interceptor. |
2019-05-08-2
|
VCID-92g1-pg8a-qqdk | Directory Traversal in typo3/phar-stream-wrapper The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. |
CVE-2019-11831
GHSA-xv7v-rf6g-xwrc |
VCID-n4g2-yd9q-muhc | PharStreamWrapper for Typo3 unsafe deserialization vulnerability PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. |
CVE-2019-11830
GHSA-3hxw-g85p-qgxm |