Auth0 · Auth0/Wordpress · CVE-2025-48951
**Name of the Vulnerable Software and Affected Versions**
Auth0-PHP versions 8.0.0-BETA3 through 8.14.0
**Description**
The issue is due to insecure deserialization of cookie data. Because the SDK processes cookie content without prior authentication, a threat actor could exploit it by sending a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK, as well as those using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, are affected because they rely on the vulnerable Auth0-PHP SDK versions.
**Recommendations**
For versions 8.0.0-BETA3 through 8.14.0, update to version 8.14.0 to patch the security flaw. As a temporary workaround, consider restricting the processing of cookie content to minimize the risk of exploitation.
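
To find affected installs, including those that pull in Auth0-PHP through the Symfony, Laravel or WordPress SDKs, the resolved version in `composer.lock` can be checked against the range above. The script below is an added example, not code from Auth0 or from this advisory; it assumes the SDK's Composer package name is `auth0/auth0-php`, treats 8.14.0 as the fixed release per the recommendation, and runs on a constructed sample lock file.

```python
import json
import re

PACKAGE = "auth0/auth0-php"     # assumed Composer name of the Auth0-PHP SDK
FIRST_AFFECTED = "8.0.0-BETA3"  # lower bound stated in the advisory
FIXED = "8.14.0"                # release the advisory says to update to

# Composer stability suffixes, lowest to highest; no suffix means stable.
_STABILITY = {"dev": 0, "alpha": 1, "beta": 2, "rc": 3, "": 4}
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[-.]?([A-Za-z]+)\.?(\d*))?")

def version_key(version):
    """Turn '8.0.0-BETA3' or 'v8.13.1' into a tuple that sorts correctly."""
    m = _VERSION_RE.fullmatch(version.strip())
    tag = (m.group(4) or "").lower() if m else None
    if tag not in _STABILITY:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, _STABILITY[tag], int(m.group(5) or 0))

def is_affected(version):
    """True when FIRST_AFFECTED <= version < FIXED."""
    return version_key(FIRST_AFFECTED) <= version_key(version) < version_key(FIXED)

def audit_lock(lock_text):
    """Return (name, version, verdict) for each Auth0-PHP entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            try:
                verdict = "affected" if is_affected(pkg["version"]) else "ok"
            except (KeyError, ValueError):
                verdict = "unknown"  # e.g. 'dev-main': review by hand
            findings.append((pkg["name"], pkg.get("version"), verdict))
    return findings

# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "auth0/wordpress", "version": "0.0.0-sample"},
        {"name": "auth0/auth0-php", "version": "8.13.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, verdict in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {verdict}")
```

A verdict of `unknown` means the locked version is a branch alias or another non-release string and has to be resolved manually.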