PT-2021-14424 · Glpi

Trasher

Published: 2021-03-08 · Updated: 2024-05-22

CVE-2021-21327

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4

Description: The issue allows a non-authenticated user to remotely instantiate objects of any class in the GLPI environment, potentially leading to malicious attacks or the start of a property-oriented programming ("POP") chain. This affects the integrity of the GLPI core platform and of third-party plugins at runtime, particularly those whose classes perform sensitive operations in their constructors or destructors.

Recommendations: For versions prior to 9.5.4, update to version 9.5.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive classes and their constructors or destructors to minimize the risk of exploitation.
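The pattern behind this class of issue, shown as an added illustration rather than GLPI's own code: a request parameter chosen by the client is used directly as a class name, beside a hardened variant that requires a session and resolves only allowlisted item types. The class names (CommonItem, Ticket, Computer), the ALLOWED_ITEMTYPES map and the itemtype parameter are assumptions for the example.

```php
<?php
// Added example, not GLPI code. Demonstrates unsafe dynamic instantiation from
// request input and a hardened replacement (authentication + allowlist).

abstract class CommonItem {                 // hypothetical base class of legitimate item types
    abstract public function getTypeName(): string;
}
class Ticket extends CommonItem   { public function getTypeName(): string { return 'Ticket'; } }
class Computer extends CommonItem { public function getTypeName(): string { return 'Computer'; } }

// Vulnerable pattern: whatever class name the request names gets instantiated,
// so constructors/destructors of any loadable class run for unauthenticated callers.
function loadItemUnsafe(string $itemtype): object {
    return new $itemtype();
}

// Hardened pattern: the caller must be authenticated, and only known item types
// are accepted; the map is the single source of truth for what can be created.
const ALLOWED_ITEMTYPES = [
    'Ticket'   => Ticket::class,
    'Computer' => Computer::class,
];

function loadItemSafe(string $itemtype): CommonItem {
    if (empty($_SESSION['user_id'])) {                     // hypothetical session key
        throw new RuntimeException('Authentication required');
    }
    if (!array_key_exists($itemtype, ALLOWED_ITEMTYPES)) {
        throw new InvalidArgumentException("Unknown item type: $itemtype");
    }
    $class = ALLOWED_ITEMTYPES[$itemtype];
    // Defence in depth: an allowlist entry must still be a real item type.
    if (!is_subclass_of($class, CommonItem::class)) {
        throw new RuntimeException("$class is not an item type");
    }
    return new $class();
}

// Constructed request handling; $_GET['itemtype'] is client-controlled input.
$requested = $_GET['itemtype'] ?? 'Ticket';
try {
    echo loadItemSafe($requested)->getTypeName(), PHP_EOL;
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo $e->getMessage(), PHP_EOL;
} catch (RuntimeException $e) {
    http_response_code(403);
    echo $e->getMessage(), PHP_EOL;
}
```

The allowlist approach is the structural fix; restricting which classes expose sensitive constructor or destructor behaviour, as the advisory's workaround suggests, only reduces impact while the unsafe lookup remains.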

Weakness Enumeration

Missing Authorization

Related Identifiers

ALT-PU-2021-1583
ALT-PU-2021-1660
ALT-PU-2024-8094
CVE-2021-21327
GHSA-QMW7-W2M4-RJWP

Affected Products

Alt Linux
Glpi