CVE-2026-33942

Saloon PHP library prior to version 4.0.0 deserializes OAuth token state via PHP unserialize() in AccessTokenAuthenticator::unserialize() with allowed_classes enabled. An attacker who controls the serialized data (e.g., by overwriting a cached token or injection) can submit a gadget object; upon ...

Saloon 代码问题漏洞

Saloon is a PHP open-source API integration and SDK library developed by Saloon PHP. Versions of Saloon prior to 4.0.0 had code vulnerabilities. These vulnerabilities stemmed from the fact that when constructing the request URL, if the endpoint was a valid absolute URL, the code would ignore the...