Critical severityNVD Advisory· Published May 6, 2022· Updated Sep 16, 2024
Deserialization of Untrusted Data
CVE-2021-23592
Description
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/frameworkPackagist | < 6.0.12 | 6.0.12 |
Affected products
2- topthink/frameworkdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3fpv-54ff-wqfjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23592ghsaADVISORY
- github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905cghsax_refsource_MISCWEB
- github.com/top-think/framework/releases/tag/v6.0.12ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-PHP-TOPTHINKFRAMEWORK-2385695ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.