VYPR

Packagist (Composer) package

saloonphp/saloon

pkg:composer/saloonphp/saloon

Vulnerabilities (3)

  • CVE-2026-33942Mar 26, 2026
    affected < 4.0.0fixed 4.0.0

    Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can con

  • CVE-2026-33183Mar 26, 2026
    affected < 4.0.0fixed 4.0.0

    Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd

  • CVE-2026-33182Mar 26, 2026
    affected < 4.0.0fixed 4.0.0

    Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and