CVE-2019-11831

The PharStreamWrapper aka phar-stream-wrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL...

CVE-2019-11830

The vulnerability CVE-2019-11830 affects TYPO3 in the PharStreamWrapper (phar-stream-wrapper) 2.x before 2.1.1 and 3.x before 3.1.1. The issue stems from misparsing Phar stubs, allowing bypass of deserialization protection. Impact is high (CVE-2019-11830) with critical, network-exposed access. Re...

TYPO3 PharStreamWrapper Remote Code Execution Vulnerability

TYPO3 PharStreamWrapper is an interceptor for stream processing from the Swiss TYPO3 Association. Drupal core third-party class library TYPO3/PharStreamWrapper package 2.1.1 before version 2.x and 3.1.1 before version 3.x there is a deserialization protection mechanism can be bypassed leading to...

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2019-007...

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2018-001...