CVE-2024-40624: TorrentPier Deserialization of Untrusted Data vulnerability
In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies:
References
- github.com/advisories/GHSA-fg86-4c2r-7wxw
- github.com/torrentpier/torrentpier
- github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php
- github.com/torrentpier/torrentpier/commit/ed37e6e522f345f2b46147c6f53c1ab6dec1db9e
- github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw
- nvd.nist.gov/vuln/detail/CVE-2024-40624
Code Behaviors & Features
Detect and mitigate CVE-2024-40624 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →