GHSA-96jg-pmc4-cx39: TYPO3 CMS Insecure Deserialization
It has been discovered that the Form Framework (system extension form) is vulnerable to Insecure Deserialization when being used with the additional PHP PECL package yaml, which is capable of unserializing YAML contents to PHP objects. Exploiting this vulnerability requires a valid backend user account and the PHP setting yaml.decode_php to be enabled (which is the default value according to PHP documentation).
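The PHP-side precondition described above can be checked on a host with the following added example, which is not part of the advisory or of TYPO3. The function name auditYamlDecodePhp() and its return shape are hypothetical, and the script covers only the runtime condition (extension loaded and yaml.decode_php enabled), not the TYPO3 version or backend accounts.

```php
<?php
// Added example, not TYPO3 code. Checks the PHP runtime conditions named in the advisory.
// auditYamlDecodePhp() and its return shape are hypothetical names for this illustration.

/**
 * @param bool         $extensionLoaded result of extension_loaded('yaml')
 * @param string|false $iniValue        result of ini_get('yaml.decode_php')
 * @return array{exposed: bool, reason: string}
 */
function auditYamlDecodePhp($extensionLoaded, $iniValue)
{
    if (!$extensionLoaded) {
        return ['exposed' => false, 'reason' => 'PECL yaml extension is not loaded'];
    }
    if ($iniValue === false) {
        // ini_get() returns false when the directive is not registered.
        return ['exposed' => false, 'reason' => 'yaml.decode_php is not registered'];
    }
    // Accept "1", "On", "true", "yes"; everything else (including "") counts as off.
    $enabled = filter_var($iniValue, FILTER_VALIDATE_BOOLEAN);
    if ($enabled) {
        return ['exposed' => true, 'reason' => 'yaml extension loaded and yaml.decode_php enabled'];
    }
    return ['exposed' => false, 'reason' => 'yaml extension loaded, yaml.decode_php disabled'];
}

// Constructed sample inputs showing how each combination is classified.
$samples = [
    'no extension'        => [false, false],
    'extension, enabled'  => [true, '1'],
    'extension, disabled' => [true, '0'],
];
foreach ($samples as $label => [$loaded, $value]) {
    $r = auditYamlDecodePhp($loaded, $value);
    printf("%-20s exposed=%s (%s)\n", $label, $r['exposed'] ? 'yes' : 'no', $r['reason']);
}

// Live check of the current runtime; a non-zero exit lets a deployment check fail.
$live = auditYamlDecodePhp(extension_loaded('yaml'), ini_get('yaml.decode_php'));
printf("%-20s exposed=%s (%s)\n", 'this runtime', $live['exposed'] ? 'yes' : 'no', $live['reason']);
exit($live['exposed'] ? 1 : 0);
```

Run it under the same SAPI that serves TYPO3, because the CLI and the web server can load different php.ini files. Setting yaml.decode_php = 0 in the relevant php.ini turns off the setting the advisory names as a precondition.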