2 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process of the AccessTokenAuthenticator class when restoring OAuth token state from cache or storage using PHP's unserialize with allowedclasses = true. An attacker can achieve...
GHSA-C83F-3XP6-HFCP Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Impact Users providing user generated input into the resolveEndpoint method on requests. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description When building the request URL, Saloon combined the connector's base URL with the request...