VulnerableCode Package Details - pkg:composer/rmccue/requests@1.6.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-x9we-vp2y-9qdh Aliases: CVE-2021-29476 GHSA-52qp-jpq7-6c54	Insecure Deserialization of untrusted data in rmccue/requests ### Impact Unserialization of untrusted data. ### Patches The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. ### References Publications about the vulnerability: * https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress * https://github.com/ambionics/phpggc/issues/52 * https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security/ * https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf * https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf * https://2018.zeronights.ru/wp-content/uploads/materials/9%20ZN2018%20WV%20-%20PHP%20unserialize.pdf * https://medium.com/@knownsec404team/extend-the-attack-surface-of-php-deserialization-vulnerability-via-phar-d6455c6a1066#3c0f Originally fixed in WordPress 5.5.2: * https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 * https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ Related Security Advisories: * https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28032 * https://nvd.nist.gov/vuln/detail/CVE-2020-28032 Notification to the Requests repo including a fix in: * https://github.com/rmccue/Requests/pull/421 and * https://github.com/rmccue/Requests/pull/422 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Request](https://github.com/WordPress/Requests/)	1.8.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-x9we-vp2y-9qdh
Aliases:
CVE-2021-29476
GHSA-52qp-jpq7-6c54

Insecure Deserialization of untrusted data in rmccue/requests ### Impact Unserialization of untrusted data. ### Patches The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. ### References Publications about the vulnerability: * https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress * https://github.com/ambionics/phpggc/issues/52 * https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security/ * https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf * https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf * https://2018.zeronights.ru/wp-content/uploads/materials/9%20ZN2018%20WV%20-%20PHP%20unserialize.pdf * https://medium.com/@knownsec404team/extend-the-attack-surface-of-php-deserialization-vulnerability-via-phar-d6455c6a1066#3c0f Originally fixed in WordPress 5.5.2: * https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 * https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ Related Security Advisories: * https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28032 * https://nvd.nist.gov/vuln/detail/CVE-2020-28032 Notification to the Requests repo including a fix in: * https://github.com/rmccue/Requests/pull/421 and * https://github.com/rmccue/Requests/pull/422 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Request](https://github.com/WordPress/Requests/)

1.8.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T09:53:07.039455+00:00	GitLab Importer	Affected by	VCID-x9we-vp2y-9qdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/rmccue/requests/CVE-2021-29476.yml	37.0.0

2025-08-01T09:53:07.039455+00:00

GitLab Importer

Affected by

VCID-x9we-vp2y-9qdh

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/rmccue/requests/CVE-2021-29476.yml

37.0.0

Next non-vulnerable version	1.8.0
Latest non-vulnerable version	1.8.0
Risk	4.5