CVE-2022-45982: Deserialization of Untrusted Data

February 8, 2023 (updated February 16, 2023)

thinkphp 6.0.0~~6.0.13 and 6.1.0~~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

References

gist.github.com/Dar1in9s/aa87df679057db3bbdade360d77f8cca
nvd.nist.gov/vuln/detail/CVE-2022-45982

Detect and mitigate CVE-2022-45982 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →