CVE-2019-11830

Published: 2019-05-09T04:29Z

Last Modified: 2024-11-21T04:21Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt