CVE-2022-31140

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

Information Disclosure

Valinor is vulnerable to Information Disclosure. Valinor has access to ThrowablegetMessage, which can disclose sensitive information such as database passwords or system memory details...

Valinor error messages leading to potential data exfiltration before v0.12.0

php registerConstructorMoney::class, 'fromString' -mapper; try vardump$mapper-mapFoo::class, 'a' = 'HAHA', 'b' = '100 EUR', 'c' = 'USD 100' ; catch MappingError $e $messages = new NodeTraverserfunction Node $node foreach $node-messages as $message vardump '$message', $message-path, $message-body ...

GHSA-5PGM-3J3G-2RC7 Valinor error messages leading to potential data exfiltration before v0.12.0

php registerConstructorMoney::class, 'fromString' -mapper; try vardump$mapper-mapFoo::class, 'a' = 'HAHA', 'b' = '100 EUR', 'c' = 'USD 100' ; catch MappingError $e $messages = new NodeTraverserfunction Node $node foreach $node-messages as $message vardump '$message', $message-path, $message-body ...

CVE-2022-31140

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

CVE-2022-31140

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

Design/Logic Flaw

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

CVE-2022-31140 Valinor error messages leading to potential data exfiltration

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

CVE-2022-31140 Valinor error messages leading to potential data exfiltration

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

CVE-2022-31140

Valinor (PHP) prior to version 0.12.0 exposes sensitive error data by allowing Throwable#getMessage() to be accessed. This can reveal SQL snippets, database credentials (IP, username/password), and other details in exception messages, enabling information disclosure, potential data exfiltration, ...

CVE-2022-31140 Valinor error messages leading to potential data exfiltration

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

Valinor 安全漏洞

Valinor is a PHP library that helps map any input to a strongly typed value object structure. A security vulnerability exists in Valinor versions prior to 0.12.0, which stems from the fact that Valinor can be used without privileges to, for example, display SQL exceptions for SQL fragments, displ...

Automatic named constructor discovery in Valinor

Design issue - automatic constructor discovery The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer system on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...

GHSA-XHR8-MPWQ-2RR2 Automatic named constructor discovery in Valinor

Design issue - automatic constructor discovery The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer system on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...