Object injection in cookie driver
Package
5.0.13 release
(packagist)
Affected versions
<5.0.13
Patched versions
5.0.13
Description
Credits
-
Geolim4 Analyst
Geolim4
Analyst
Impact
An possible object injection has been discovered in cookie driver prior 5.0.13 versions (of 5.x releases).
Patches
The issue has been addressed by enforcing JSON conversion when deserializing
Workarounds
If you can't fix it, use another driver such as "Files" (Filesystem)
References
Fixing release: https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
For more information
If you have any questions or comments about this advisory: