CVE-2024-44902: ThinkPHP deserialization vulnerability

September 9, 2024

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

References

github.com/advisories/GHSA-f4wh-359g-4pq7
github.com/fru1ts/CVE-2024-44902
github.com/top-think/framework
nvd.nist.gov/vuln/detail/CVE-2024-44902

Detect and mitigate CVE-2024-44902 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →