An possible object injection has been discovered in cookie driver prior 5.0.13 versions (of 5.x releases).
The issue has been addressed by enforcing JSON conversion when deserializing
If you can’t fix it, use another driver such as “Files” (Filesystem)
Fixing release: https://github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
If you have any questions or comments about this advisory:
github.com/advisories/GHSA-484f-743f-6jx2
github.com/PHPSocialNetwork/phpfastcache
github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4
github.com/PHPSocialNetwork/phpfastcache/releases/tag/5.0.13
github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
nvd.nist.gov/vuln/detail/CVE-2019-16774