PT-2019-12515 · Php · Pharstreamwrapper

Tom Klingenberg · Published 2019-05-09 · Updated 2022-05-24 · CVE-2019-11830

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PharStreamWrapper package versions 2.x before 2.1.1
PharStreamWrapper package versions 3.x before 3.1.1

Description

The PharMetaDataInterceptor in the PharStreamWrapper package mishandles Phar stub parsing, allowing attackers to bypass a deserialization protection mechanism.

Recommendations

For PharStreamWrapper package versions 2.x before 2.1.1, update to version 2.1.1 or later.
For PharStreamWrapper package versions 3.x before 3.1.1, update to version 3.1.1 or later.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related identifiers

CVE-2019-11830
GHSA-3HXW-G85P-QGXM

Affected products

Pharstreamwrapper