PT-2019-5880 · Phpfastcache · Phpfastcache

Geolim4

Published

2019-12-12

Updated

2020-10-07

CVE-2019-16774

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions phpfastcache versions prior to 5.1.3

Description The issue is related to shortcomings in the deserialization mechanism of the PhpFastCache library. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with a possible object injection in the cookie driver.

Recommendations For versions prior to 5.1.3, consider using another driver, such as the "Files" (Filesystem) driver, as a temporary workaround until the issue is resolved. Update to version 5.1.3 or later, which enforces JSON conversion when deserializing to address the issue.

Fix

Deserialization of Untrusted Data

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-94

Related Identifiers

BDU:2021-03584

CVE-2019-16774

GHSA-484F-743F-6JX2

Affected Products

Phpfastcache

PT-2019-5880 · Phpfastcache · Phpfastcache

CVE-2019-16774

Weakness Enumeration

Related Identifiers

Affected Products

References · 11