3.7

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-7h74-7vcw-4mwp

EPSS Score

CWE

Published

5/17/2024

Updated

5/17/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-7h74-7vcw-4mwp

GHSA-7h74-7vcw-4mwp: Insecure deserialize Vulnerability in FLOW3

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

(GitHub Advisory)

3.7

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-7h74-7vcw-4mwp

EPSS Score

CWE

Published

5/17/2024

Updated

5/17/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
neos/flow	composer	>= 1.0.0, < 1.0.4	1.0.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*u* to * missin* si*n*tur* (*M**) *or * r*qu*st *r*um*nt, *n *tt**k*r *oul* uns*ri*liz* *r*itr*ry o*j**ts wit*in *LOW*. To our knowl**** it is n*it**r possi*l* to inj**t *o** t*rou** t*is vuln*r**ility, nor *r* t**r* *xploit**l* o*j**ts wit*in t** *

Reasoning

No *n*lysis *v*il**l*

3.7

Basic Information

Concerned about an active attack path?

GHSA-7h74-7vcw-4mwp: Insecure deserialize Vulnerability in FLOW3

3.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI