oval:org.secpod.oval:def:55033
It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-007.

oval:org.secpod.oval:def:116619
Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper/autoload.php

oval:org.secpod.oval:def:116626
Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper/autoload.php

oval:org.secpod.oval:def:116802
Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper2/autoload.php

oval:org.secpod.oval:def:116810
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue [#21090]. You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize will be ...

oval:org.secpod.oval:def:116800
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue [#21090]. You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize will be ...

oval:org.secpod.oval:def:116624
Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper/autoload.php

oval:org.secpod.oval:def:1801434
The PharStreamWrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. Fixed In Version: drupal 7.67

oval:org.secpod.oval:def:116809
Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper2/autoload.php

oval:org.secpod.oval:def:603924
It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-007.