36 matches found

Veracode, added 2026/03/28 5:26 a.m., 4 views

Path Traversal

saloonphp/saloon is vulnerable to Path Traversal. The vulnerability is due to lack of validation of fixture names used in file path construction, which allows an attacker to manipulate paths and read or write arbitrary files outside the intended directory...

CVSS 9.3, AI score 6, EPSS 0.00021
Exploits 0, References 3, Affected Software 1
EUVD, added 2026/03/27 6:33 p.m., 3 views

EUVD-2026-16070

Saloon has insecure deserialization in AccessTokenAuthenticator...

CVSS 9.8, AI score 5.9, EPSS 0.00226
Exploits 0, References 3
Github Security Blog, added 2026/03/27 6:33 p.m., 5 views

Saloon has insecure deserialization in AccessTokenAuthenticator

Impact Users of the OAuth2 utilities in Saloon, specifically the AccessTokenAuthenticator class. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description The Saloon PHP library used PHP's unserialize in AccessTokenAuthenticator::unserialize ...

CVSS 9.8, AI score 6.5, EPSS 0.00226
Exploits 0, References 4, Affected Software 1
OSV, added 2026/03/27 6:33 p.m., 1 view

GHSA-RF88-776R-RCQ9 Saloon has insecure deserialization in AccessTokenAuthenticator

Impact Users of the OAuth2 utilities in Saloon, specifically the AccessTokenAuthenticator class. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description The Saloon PHP library used PHP's unserialize in AccessTokenAuthenticator::unserialize ...

CVSS 9.3, AI score 6.5, EPSS 0.00226
Exploits 0, References 4
RedhatCVE, added 2026/03/27 4:59 a.m., 1 view

CVE-2026-33182

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

CVSS 8.7, AI score 5.9, EPSS 0.00032
Exploits 0, References 1
RedhatCVE, added 2026/03/27 4:59 a.m., 1 view

CVE-2026-33942

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.8, AI score 6.6, EPSS 0.00226
Exploits 0, References 1
RedhatCVE, added 2026/03/27 4:59 a.m., 1 view

CVE-2026-33183

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...

CVSS 9.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 1
Snyk, added 2026/03/26 2:26 a.m., 1 view

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL construction process. An attacker can cause requests, including authentication headers, cookies, or tokens, to be sent to an attacker-controlled host by supplying a crafted absolute URL as th...

CVSS 8.7, AI score 5.9, EPSS 0.00032
Exploits 0, References 2
Snyk, added 2026/03/26 2:24 a.m., 3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process of the AccessTokenAuthenticator class when restoring OAuth token state from cache or storage using PHP's unserialize with allowed_classes = true. An attacker can achieve...

CVSS 9.8, AI score 6.4, EPSS 0.00226
Exploits 0, References 2
NVD, added 2026/03/26 1:16 a.m., 2 views

CVE-2026-33942

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.8, EPSS 0.00226
Exploits 0, References 2
NVD, added 2026/03/26 1:16 a.m., 1 view

CVE-2026-33182

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

CVSS 8.7, EPSS 0.00032
Exploits 0, References 2
CVE, added 2026/03/26 12:27 a.m., 8 views

CVE-2026-33942

Saloon PHP library prior to version 4.0.0 deserializes OAuth token state via PHP unserialize() in AccessTokenAuthenticator::unserialize() with allowed_classes enabled. An attacker who controls the serialized data (e.g., by overwriting a cached token or injection) can submit a gadget object; upon ...

CVSS 9.8, AI score 6.6, EPSS 0.00226
Exploits 0, References 2, Affected Software 1
Vulnrichment, added 2026/03/26 12:27 a.m., 0 views

CVE-2026-33942 Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.3, AI score 6.5, EPSS 0.00226
Exploits 0, References 2
ATTACKERKB, added 2026/03/26 12:27 a.m., 3 views

CVE-2026-33942

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.3, AI score 6.6, EPSS 0.00226
Exploits 0, References 3, Affected Software 1
Cvelist, added 2026/03/26 12:25 a.m., 27 views

CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...

CVSS 9.3, EPSS 0.00021
Exploits 0, References 2
Vulnrichment, added 2026/03/26 12:25 a.m., 1 view

CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...

CVSS 9.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 2
CVE, added 2026/03/26 12:25 a.m., 6 views

CVE-2026-33183

Saloon is a PHP library for API integrations. CVE-2026-33183 (pre-4.0.0) describes a path traversal in fixture handling: fixture names could be treated as file paths under the fixture directory, allowing ../ traversal to escape the base directory and read/write arbitrary files if the fixture name...

CVSS 9.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 2, Affected Software 1
ATTACKERKB, added 2026/03/26 12:25 a.m., 0 views

CVE-2026-33183

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...

CVSS 9.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 3, Affected Software 1
Cvelist, added 2026/03/26 12:22 a.m., 23 views

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

CVSS 8.7, EPSS 0.00032
Exploits 0, References 2
CVE, added 2026/03/26 12:22 a.m., 16 views

CVE-2026-33182

The connected advisory describes a vulnerability in Saloon where building a request URL could ignore the base URL if the endpoint is an absolute URL. This enables server-side request forgery (SSRF) and credential leakage to an attacker-controlled host when user-controlled input influences the end...

CVSS 8.7, AI score 5.9, EPSS 0.00032
Exploits 0, References 2, Affected Software 1