Insecure Deserialization of untrusted data

Description Impact Unserialization of untrusted data. Patches The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. References Publications about the vulnerability: https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress ambionics/phpggc#52 https://blog.detectify.com/2019/07/23/improving-wordpress-plugin-security/ https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf https://2018.zeronights.ru/wp-content/uploads/materials/9 ZN2018 WV - PHP unserialize.pdf https://medium.com/@knownsec404team/extend-the-attack-surface-of-php-deserialization-vulnerability-via-phar-d6455c6a1066#3c0f Originally fixed in WordPress 5.5.2: WordPress/wordpress-develop@add6bed https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ Related Security Advisories: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28032 https://nvd.nist.gov/vuln/detail/CVE-2020-28032 Notification to the Requests repo including a fix in: #421 and #422 For more information If you have any questions or comments about this advisory: Open an issue in Request