CVE-2019-16774
Published 2019-12-12
CVE-2019-16774: In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.
Priority: P345, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.23% (65.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpfastcache | phpfastcache | < 5.0.13 | 5.0.13 |
| phpfastcache | phpfastcache | >= 5.0.0 < 5.0.13 | 5.0.13 |
| phpsocialnetwork | phpfastcache | < 5.1.3 | 5.1.3 |
CVSS provenance
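| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |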
GHSA
Object injection in cookie driver in phpfastcache
ghsa·2019-12-12
CVE-2019-16774 [MEDIUM] CWE-94 Object injection in cookie driver in phpfastcache
### Impact
A possible object injection has been discovered in the cookie driver in versions prior to 5.0.13 (of the 5.x releases).
### Patches
The issue has been addressed by enforcing JSON conversion when deserializing.
### Workarounds
If you can't fix it, use another driver such as "Files" (Filesystem).
### References
Fixing release: https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [the issue tracker](https://github.com/PHPSocialNetwork/phpfastcache/issues)
* Email us at [email protected]
OSV
Object injection in cookie driver in phpfastcache
osv·2019-12-12
CVE-2019-16774 [MEDIUM] Object injection in cookie driver in phpfastcache
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
* https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4
* https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
* https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
Published: 2019-12-12