CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4801 vulnerabilities reference this CWE, most recent first.
GHSA-R7V6-MFHQ-G3M2
Vulnerability from github – Published: 2025-12-15 23:37 – Updated: 2026-06-05 17:56Fickling Assessment
Based on the test case provided in the original report below, this bypass was caused by pty missing from our block list of unsafe module imports (as previously documented in #108), rather than the unused variable heuristic. This led to unsafe pickles based on pty.spawn() being incorrectly flagged as LIKELY_SAFE, and was fixed in https://github.com/trailofbits/fickling/pull/187.
Original report
Summary
An unsafe deserialization vulnerability in Fickling allows a crafted pickle file to bypass the "unused variable" heuristic, enabling arbitrary code execution. This bypass is achieved by adding a trivial operation to the pickle file that "uses" the otherwise unused variable left on the stack after a malicious operation, tricking the detection mechanism into classifying the file as safe.
Details
Fickling relies on the heuristic of detecting unused variables in the VM's stack after execution. Opcodes like REDUCE, OBJ, and INST, which can be used for arbitrary code execution, leave a value on the stack that is often unused in malicious pickle files.
This vulnerability enables a bypass by modifying the pickle file to use this leftover variable. A simple way to achieve this is to add a BUILD opcode that, in effect, adds a __setstate__ to the unused variable. This makes Fickling consider the variable "used," thus failing to flag the malicious file.
PoC
The following is a disassembled view of a malicious pickle file that bypasses Fickling's "unused variable" detection:
0: \x80 PROTO 4
2: \x95 FRAME 26
11: \x8c SHORT_BINUNICODE 'pty'
16: \x94 MEMOIZE (as 0)
17: \x8c SHORT_BINUNICODE 'spawn'
24: \x94 MEMOIZE (as 1)
25: \x93 STACK_GLOBAL
26: \x94 MEMOIZE (as 2)
27: \x8c SHORT_BINUNICODE 'id'
31: \x94 MEMOIZE (as 3)
32: \x85 TUPLE1
33: \x94 MEMOIZE (as 4)
34: R REDUCE
35: \x94 MEMOIZE (as 5)
36: \x8c SHORT_BINUNICODE 'gottem'
44: \x94 MEMOIZE (as 6)
45: b BUILD
46: . STOP
```
Here, the additions to the original pickle file can see on lines 35, 36, 44 and 45.
When analyzing this modified file, Fickling fails to identify it as malicious and reports it as **"LIKELY_SAFE"** as seen here:
{ "severity": "LIKELY_SAFE", "analysis": "Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\n\n", "detailed_results": {} } ```
Impact
This allows an attacker to craft a malicious pickle file that can bypass fickling since it relies on the "unused variable" heuristic to flag pickle files as unsafe. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "fickling"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-67748"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-502",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-15T23:37:28Z",
"nvd_published_at": "2025-12-16T01:15:52Z",
"severity": "HIGH"
},
"details": "## Fickling Assessment\n\nBased on the test case provided in the original report below, this bypass was caused by `pty` missing from our block list of unsafe module imports (as previously documented in #108), rather than the unused variable heuristic. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in https://github.com/trailofbits/fickling/pull/187. \n\n## Original report\n\n### Summary\nAn unsafe deserialization vulnerability in Fickling allows a crafted pickle file to bypass the \"unused variable\" heuristic, enabling arbitrary code execution. This bypass is achieved by adding a trivial operation to the pickle file that \"uses\" the otherwise unused variable left on the stack after a malicious operation, tricking the detection mechanism into classifying the file as safe.\n\n### Details\nFickling relies on the heuristic of detecting unused variables in the VM\u0027s stack after execution. Opcodes like `REDUCE`, `OBJ`, and `INST`, which can be used for arbitrary code execution, leave a value on the stack that is often unused in malicious pickle files.\nThis vulnerability enables a bypass by modifying the pickle file to use this leftover variable. A simple way to achieve this is to add a `BUILD` opcode that, in effect, adds a `__setstate__` to the unused variable. This makes Fickling consider the variable \"used,\" thus failing to flag the malicious file.\n\n### PoC\nThe following is a disassembled view of a malicious pickle file that bypasses Fickling\u0027s \"unused variable\" detection:\n```\n 0: \\x80 PROTO 4\n 2: \\x95 FRAME 26\n 11: \\x8c SHORT_BINUNICODE \u0027pty\u0027\n 16: \\x94 MEMOIZE (as 0)\n 17: \\x8c SHORT_BINUNICODE \u0027spawn\u0027\n 24: \\x94 MEMOIZE (as 1)\n 25: \\x93 STACK_GLOBAL\n 26: \\x94 MEMOIZE (as 2)\n 27: \\x8c SHORT_BINUNICODE \u0027id\u0027\n 31: \\x94 MEMOIZE (as 3)\n 32: \\x85 TUPLE1\n 33: \\x94 MEMOIZE (as 4)\n 34: R REDUCE\n 35: \\x94 MEMOIZE (as 5)\n 36: \\x8c SHORT_BINUNICODE \u0027gottem\u0027\n 44: \\x94 MEMOIZE (as 6)\n 45: b BUILD\n 46: . STOP\n ```\n \nHere, the additions to the original pickle file can see on lines 35, 36, 44 and 45.\n\nWhen analyzing this modified file, Fickling fails to identify it as malicious and reports it as **\"LIKELY_SAFE\"** as seen here:\n```\n{\n \"severity\": \"LIKELY_SAFE\",\n \"analysis\": \"Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\\n\\n\",\n \"detailed_results\": {}\n}\n```\n\n### Impact\nThis allows an attacker to craft a malicious pickle file that can bypass fickling since it relies on the \"unused variable\" heuristic to flag pickle files as unsafe. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.",
"id": "GHSA-r7v6-mfhq-g3m2",
"modified": "2026-06-05T17:56:00Z",
"published": "2025-12-15T23:37:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67748"
},
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/pull/108"
},
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/pull/187"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/fickling/PYSEC-2025-113.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/trailofbits/fickling"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Fickling has Code Injection vulnerability via pty.spawn()"
}
GHSA-R822-JQ42-473C
Vulnerability from github – Published: 2025-05-07 00:31 – Updated: 2025-05-07 00:31The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
{
"affected": [],
"aliases": [
"CVE-2025-0855"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T23:15:50Z",
"severity": "CRITICAL"
},
"details": "The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the \u0027import_header\u0027 function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",
"id": "GHSA-r822-jq42-473c",
"modified": "2025-05-07T00:31:34Z",
"published": "2025-05-07T00:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0855"
},
{
"type": "WEB",
"url": "https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R855-MC52-4RH4
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.
{
"affected": [],
"aliases": [
"CVE-2026-22480"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:30Z",
"severity": "HIGH"
},
"details": "Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through \u003c= 2.3.3.",
"id": "GHSA-r855-mc52-4rh4",
"modified": "2026-03-26T18:31:30Z",
"published": "2026-03-25T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22480"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/webtoffee-product-feed/vulnerability/wordpress-product-feed-for-woocommerce-plugin-2-3-3-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8CP-QXMG-7CCR
Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.
{
"affected": [],
"aliases": [
"CVE-2025-60245"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T16:16:07Z",
"severity": "CRITICAL"
},
"details": "Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through \u003c= 2.9.12.",
"id": "GHSA-r8cp-qxmg-7ccr",
"modified": "2026-01-20T15:31:50Z",
"published": "2025-11-06T18:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60245"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8F5-5368-56M3
Vulnerability from github – Published: 2022-04-22 00:00 – Updated: 2026-06-22 21:30An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
{
"affected": [],
"aliases": [
"CVE-2022-29528"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-20T23:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.",
"id": "GHSA-r8f5-5368-56m3",
"modified": "2026-06-22T21:30:43Z",
"published": "2022-04-22T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29528"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/commit/93821c0de6a7dd32262ce62212773f43136ca66e"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158"
},
{
"type": "WEB",
"url": "https://zigrin.com/advisories/misp-phar-deserialization"
},
{
"type": "WEB",
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8G5-CGF2-4M4M
Vulnerability from github – Published: 2025-12-29 15:27 – Updated: 2025-12-29 15:27Summary
An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source.
Details
The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the case for getlincoef and _eval_length. This list is probably not exhaustive.
According to https://numpy.org/doc/stable/reference/security.html#advice-for-using-numpy-on-untrusted-data, the whole numpy.f2py should be considered unsafe when loading a pickle.
PoC
from numpy.f2py.crackfortran import getlincoef
class EvilClass:
def __reduce__(self):
payload = "__import__('os').system('echo \"successful attack\"')"
return getlincoef, (payload, [])
Impact
Who is impacted? Any organization or individual relying on picklescan to detect malicious pickle files from untrusted sources.
What is the impact? Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded.
Supply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects.
Note
The problem was originally reported to the joblib project, but this was deemed unrelated to joblib itself. However, I checked that picklescan was indeed vulnerable.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "picklescan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.33"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-29T15:27:59Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nAn unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source.\n\n### Details\n\nThe `numpy.f2py.crackfortran` module exposes many functions that call `eval` on arbitrary strings of values. This is the case for `getlincoef` and `_eval_length`. This list is probably not exhaustive.\n\nAccording to https://numpy.org/doc/stable/reference/security.html#advice-for-using-numpy-on-untrusted-data, the whole `numpy.f2py` should be considered unsafe when loading a pickle.\n\n### PoC\n\n```python\nfrom numpy.f2py.crackfortran import getlincoef\n\nclass EvilClass:\n def __reduce__(self):\n payload = \"__import__(\u0027os\u0027).system(\u0027echo \\\"successful attack\\\"\u0027)\"\n return getlincoef, (payload, [])\n```\n\n### Impact\n\nWho is impacted? Any organization or individual relying on `picklescan` to detect malicious pickle files from untrusted sources.\nWhat is the impact? Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded.\nSupply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects.\n\n### Note\n\nThe problem was originally reported to the joblib project, but this was deemed unrelated to joblib itself. However, I checked that `picklescan` was indeed vulnerable.",
"id": "GHSA-r8g5-cgf2-4m4m",
"modified": "2025-12-29T15:27:59Z",
"published": "2025-12-29T15:27:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-r8g5-cgf2-4m4m"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/pull/53"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab"
},
{
"type": "PACKAGE",
"url": "https://github.com/mmaitre314/picklescan"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef"
}
GHSA-R8HV-R9HQ-HVGJ
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
{
"affected": [],
"aliases": [
"CVE-2017-1000148"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-03T18:29:00Z",
"severity": "HIGH"
},
"details": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file.",
"id": "GHSA-r8hv-r9hq-hvgj",
"modified": "2022-05-13T01:40:57Z",
"published": "2022-05-13T01:40:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000148"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/mahara/+bug/1508684"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8JW-F89Q-P7G6
Vulnerability from github – Published: 2023-02-03 06:30 – Updated: 2023-02-13 15:30vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
{
"affected": [],
"aliases": [
"CVE-2023-25135"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T05:15:00Z",
"severity": "CRITICAL"
},
"details": "vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.",
"id": "GHSA-r8jw-f89q-p7g6",
"modified": "2023-02-13T15:30:26Z",
"published": "2023-02-03T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25135"
},
{
"type": "WEB",
"url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch"
},
{
"type": "WEB",
"url": "https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8PF-P598-JHPM
Vulnerability from github – Published: 2023-09-20 18:30 – Updated: 2023-11-03 12:30phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
{
"affected": [],
"aliases": [
"CVE-2023-40619"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T18:15:12Z",
"severity": "CRITICAL"
},
"details": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP \u0027unserialize()\u0027 function in multiple places. An example is the functionality to manage tables in \u0027tables.php\u0027 where the \u0027ma[]\u0027 POST parameter is deserialized.",
"id": "GHSA-r8pf-p598-jhpm",
"modified": "2023-11-03T12:30:31Z",
"published": "2023-09-20T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40619"
},
{
"type": "WEB",
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8XJ-278C-2QV8
Vulnerability from github – Published: 2025-01-07 12:30 – Updated: 2026-04-01 18:33Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-49222"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-07T11:15:07Z",
"severity": "CRITICAL"
},
"details": "Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.",
"id": "GHSA-r8xj-278c-2qv8",
"modified": "2026-04-01T18:33:01Z",
"published": "2025-01-07T12:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49222"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.