The vulnerability stems from calling unserialize() on untrusted cookie data in the loadSession() method. PHP's unserialize() instantiates whatever classes the serialized input names and populates their properties, which is the well-known PHP object injection vector. The patch replaced unserialize() with json_decode(), which only ever produces scalars, arrays and stdClass values and therefore cannot instantiate application classes or reach their magic methods. The direct correlation between the removal of unserialize() and the CVE description confirms this as the root cause.
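The following is an added example, not Slim's own code: a hypothetical cookie-backed session loader in the shape the advisory describes, with the vulnerable unserialize() form next to the json_decode() form the fix moved to. Class and method names (CookieSession, loadSessionUnsafe, loadSession, seal, open) are illustrative, the code assumes PHP 8, and the HMAC sealing step is an additional hardening assumption of this example, not something the advisory attributes to the patch.

```php
<?php
declare(strict_types=1);

// Added example, not Slim's own code. Names are illustrative; assumes PHP 8.
final class CookieSession
{
    public function __construct(private string $hmacKey) {}

    // VULNERABLE PATTERN (the pre-2.6.0 shape): unserialize() on attacker-
    // controlled cookie bytes. PHP instantiates whatever classes the payload
    // names and sets their properties, which is the PHP object injection vector.
    public function loadSessionUnsafe(string $cookieValue): array
    {
        $value = @unserialize($cookieValue);
        return is_array($value) ? $value : [];
    }

    // HARDENED PATTERN (what the patch does): json_decode() with $assoc = true
    // yields only scalars and nested arrays. It cannot instantiate application
    // classes, so __wakeup()/__destruct() on them are never reached.
    public function loadSession(string $cookieValue): array
    {
        try {
            $value = json_decode($cookieValue, true, 32, JSON_THROW_ON_ERROR);
        } catch (\JsonException) {
            // Malformed cookie: start a fresh session. Never fall back to unserialize().
            return [];
        }
        return is_array($value) ? $value : [];
    }

    public function saveSession(array $data): string
    {
        return json_encode($data, JSON_THROW_ON_ERROR);
    }

    // Additional hardening beyond the patch (an assumption of this example):
    // authenticate the cookie with an HMAC so the client cannot tamper with
    // session contents at all, even as plain JSON.
    public function seal(array $data): string
    {
        $json = $this->saveSession($data);
        $mac  = hash_hmac('sha256', $json, $this->hmacKey);
        return base64_encode($json) . '.' . $mac;
    }

    public function open(string $cookieValue): array
    {
        $parts = explode('.', $cookieValue, 2);
        if (count($parts) !== 2) {
            return [];
        }
        $json = base64_decode($parts[0], true);
        if ($json === false) {
            return [];
        }
        $expected = hash_hmac('sha256', $json, $this->hmacKey);
        // Constant-time comparison so the MAC check does not leak via timing.
        if (!hash_equals($expected, $parts[1])) {
            return []; // tampered or forged cookie: discard it
        }
        return $this->loadSession($json);
    }
}

// Constructed demonstration input: a benign session round-tripped through the
// sealed cookie, then the same cookie with one byte altered, which must be rejected.
$session = new CookieSession('replace-with-a-random-32-byte-key');
$cookie  = $session->seal(['user_id' => 42, 'role' => 'member']);
var_dump($session->open($cookie));        // the original session data
var_dump($session->open($cookie . 'x'));  // rejected: HMAC mismatch
```

The key property of the hardened loader is that json_decode() has no mechanism for naming a class, so the shape of the cookie cannot influence which code runs; the HMAC layer then removes the remaining risk of a client editing legitimate session fields.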
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| slim/slim | composer | < 2.6.0 | 2.6.0 |