Description
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PHP-TOPTHINKFRAMEWORK-2385695
Third Party Advisory x_refsource_misc
https://github.com/top-think/framework/releases/tag/v6.0.12
Patch, Third Party Advisory x_refsource_misc
https://github.com/top-think/framework/commit/d3b5aeae94bc71bae97977d05cd12c3e0550905c
Scores
CVSS v3
7.7
EPSS
0.0101
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-502
Status
published
Products (2)
thinkphp/thinkphp
< 6.0.12
topthink/framework
0 - 6.0.12 Packagist
Published
May 06, 2022
Tracked Since
Feb 18, 2026