CVE-2017-5543: Code Injection

January 20, 2017 (updated November 8, 2018)

A vulnerability in includes/classes/ia allows remote attackers to conduct PHP Object Injection attacks via crafted deserialized data in a salt cookie in a login request.

References

www.securityfocus.com/bid/95688
github.com/intelliants/subrion/issues/297
nvd.nist.gov/vuln/detail/CVE-2017-5543

Detect and mitigate CVE-2017-5543 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →