Tom Klingenberg

**Name of the Vulnerable Software and Affected Versions** PharStreamWrapper package versions 2.x before 2.1.1 PharStreamWrapper package versions 3.x before 3.1.1 **Description** The PharMetaDataInterceptor in the PharStreamWrapper package mishandles Phar stub parsing, allowing attackers to bypass a deserialization protection mechanism. **Recommendations** For PharStreamWrapper package versions 2.x before 2.1.1, update to version 2.1.1 or later. For PharStreamWrapper package versions 3.x before 3.1.1, update to version 3.1.1 or later.