PHP yaml_parse_url Double Free Vulnerability

The yaml parsing functions suffers from an exploitable double free caused by the error path for the phpvarunserialize call on line 797 of pecl/fileformats/yaml.git/parse.c. Title: PHP yamlparseurl Double Free Credit: John Leitch email protected Url1:...

PHP yaml_parse_url Unsafe Deserialization Vulnerability

The PHP unserialize function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor. Title: PHP...