Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4801 vulnerabilities reference this CWE, most recent first.

GHSA-R7V6-MFHQ-G3M2

Vulnerability from github – Published: 2025-12-15 23:37 – Updated: 2026-06-05 17:56
VLAI
Summary
Fickling has Code Injection vulnerability via pty.spawn()
Details

Fickling Assessment

Based on the test case provided in the original report below, this bypass was caused by pty missing from our block list of unsafe module imports (as previously documented in #108), rather than the unused variable heuristic. This led to unsafe pickles based on pty.spawn() being incorrectly flagged as LIKELY_SAFE, and was fixed in https://github.com/trailofbits/fickling/pull/187.

Original report

Summary

An unsafe deserialization vulnerability in Fickling allows a crafted pickle file to bypass the "unused variable" heuristic, enabling arbitrary code execution. This bypass is achieved by adding a trivial operation to the pickle file that "uses" the otherwise unused variable left on the stack after a malicious operation, tricking the detection mechanism into classifying the file as safe.

Details

Fickling relies on the heuristic of detecting unused variables in the VM's stack after execution. Opcodes like REDUCE, OBJ, and INST, which can be used for arbitrary code execution, leave a value on the stack that is often unused in malicious pickle files. This vulnerability enables a bypass by modifying the pickle file to use this leftover variable. A simple way to achieve this is to add a BUILD opcode that, in effect, adds a __setstate__ to the unused variable. This makes Fickling consider the variable "used," thus failing to flag the malicious file.

PoC

The following is a disassembled view of a malicious pickle file that bypasses Fickling's "unused variable" detection:

    0: \x80 PROTO      4
    2: \x95 FRAME      26
   11: \x8c SHORT_BINUNICODE 'pty'
   16: \x94 MEMOIZE    (as 0)
   17: \x8c SHORT_BINUNICODE 'spawn'
   24: \x94 MEMOIZE    (as 1)
   25: \x93 STACK_GLOBAL
   26: \x94 MEMOIZE    (as 2)
   27: \x8c SHORT_BINUNICODE 'id'
   31: \x94 MEMOIZE    (as 3)
   32: \x85 TUPLE1
   33: \x94 MEMOIZE    (as 4)
   34: R   REDUCE
   35: \x94 MEMOIZE    (as 5)
   36: \x8c SHORT_BINUNICODE 'gottem'
   44: \x94 MEMOIZE    (as 6)
   45: b   BUILD
   46: .   STOP
 ```

Here, the additions to the original pickle file can see on lines 35, 36, 44 and 45.

When analyzing this modified file, Fickling fails to identify it as malicious and reports it as **"LIKELY_SAFE"** as seen here:

{ "severity": "LIKELY_SAFE", "analysis": "Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\n\n", "detailed_results": {} } ```

Impact

This allows an attacker to craft a malicious pickle file that can bypass fickling since it relies on the "unused variable" heuristic to flag pickle files as unsafe. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "fickling"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-184",
      "CWE-502",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-15T23:37:28Z",
    "nvd_published_at": "2025-12-16T01:15:52Z",
    "severity": "HIGH"
  },
  "details": "## Fickling Assessment\n\nBased on the test case provided in the original report below, this bypass was caused by `pty` missing from our block list of unsafe module imports (as previously documented in #108), rather than the unused variable heuristic. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in https://github.com/trailofbits/fickling/pull/187. \n\n## Original report\n\n### Summary\nAn unsafe deserialization vulnerability in Fickling allows a crafted pickle file to bypass the \"unused variable\" heuristic, enabling arbitrary code execution. This bypass is achieved by adding a trivial operation to the pickle file that \"uses\" the otherwise unused variable left on the stack after a malicious operation, tricking the detection mechanism into classifying the file as safe.\n\n### Details\nFickling relies on the heuristic of detecting unused variables in the VM\u0027s stack after execution. Opcodes like `REDUCE`, `OBJ`, and `INST`, which can be used for arbitrary code execution, leave a value on the stack that is often unused in malicious pickle files.\nThis vulnerability enables a bypass by modifying the pickle file to use this leftover variable. A simple way to achieve this is to add a `BUILD` opcode that, in effect, adds a `__setstate__` to the unused variable. This makes Fickling consider the variable \"used,\" thus failing to flag the malicious file.\n\n### PoC\nThe following is a disassembled view of a malicious pickle file that bypasses Fickling\u0027s \"unused variable\" detection:\n```\n    0: \\x80 PROTO      4\n    2: \\x95 FRAME      26\n   11: \\x8c SHORT_BINUNICODE \u0027pty\u0027\n   16: \\x94 MEMOIZE    (as 0)\n   17: \\x8c SHORT_BINUNICODE \u0027spawn\u0027\n   24: \\x94 MEMOIZE    (as 1)\n   25: \\x93 STACK_GLOBAL\n   26: \\x94 MEMOIZE    (as 2)\n   27: \\x8c SHORT_BINUNICODE \u0027id\u0027\n   31: \\x94 MEMOIZE    (as 3)\n   32: \\x85 TUPLE1\n   33: \\x94 MEMOIZE    (as 4)\n   34: R   REDUCE\n   35: \\x94 MEMOIZE    (as 5)\n   36: \\x8c SHORT_BINUNICODE \u0027gottem\u0027\n   44: \\x94 MEMOIZE    (as 6)\n   45: b   BUILD\n   46: .   STOP\n ```\n \nHere, the additions to the original pickle file can see on lines 35, 36, 44 and 45.\n\nWhen analyzing this modified file, Fickling fails to identify it as malicious and reports it as **\"LIKELY_SAFE\"** as seen here:\n```\n{\n    \"severity\": \"LIKELY_SAFE\",\n    \"analysis\": \"Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\\n\\n\",\n    \"detailed_results\": {}\n}\n```\n\n### Impact\nThis allows an attacker to craft a malicious pickle file that can bypass fickling since it relies on the \"unused variable\" heuristic to flag pickle files as unsafe. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.",
  "id": "GHSA-r7v6-mfhq-g3m2",
  "modified": "2026-06-05T17:56:00Z",
  "published": "2025-12-15T23:37:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67748"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/pull/108"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/pull/187"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/fickling/PYSEC-2025-113.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/trailofbits/fickling"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Fickling has Code Injection vulnerability via pty.spawn()"
}

GHSA-R822-JQ42-473C

Vulnerability from github – Published: 2025-05-07 00:31 – Updated: 2025-05-07 00:31
VLAI
Details

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-06T23:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the \u0027import_header\u0027 function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",
  "id": "GHSA-r822-jq42-473c",
  "modified": "2025-05-07T00:31:34Z",
  "published": "2025-05-07T00:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0855"
    },
    {
      "type": "WEB",
      "url": "https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R855-MC52-4RH4

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31
VLAI
Details

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T17:16:30Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through \u003c= 2.3.3.",
  "id": "GHSA-r855-mc52-4rh4",
  "modified": "2026-03-26T18:31:30Z",
  "published": "2026-03-25T18:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22480"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/webtoffee-product-feed/vulnerability/wordpress-product-feed-for-woocommerce-plugin-2-3-3-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8CP-QXMG-7CCR

Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31
VLAI
Details

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-06T16:16:07Z",
    "severity": "CRITICAL"
  },
  "details": "Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through \u003c= 2.9.12.",
  "id": "GHSA-r8cp-qxmg-7ccr",
  "modified": "2026-01-20T15:31:50Z",
  "published": "2025-11-06T18:32:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60245"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-user-manager/vulnerability/wordpress-wp-user-manager-plugin-2-9-12-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8F5-5368-56M3

Vulnerability from github – Published: 2022-04-22 00:00 – Updated: 2026-06-22 21:30
VLAI
Details

An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-20T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.",
  "id": "GHSA-r8f5-5368-56m3",
  "modified": "2026-06-22T21:30:43Z",
  "published": "2022-04-22T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29528"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/93821c0de6a7dd32262ce62212773f43136ca66e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158"
    },
    {
      "type": "WEB",
      "url": "https://zigrin.com/advisories/misp-phar-deserialization"
    },
    {
      "type": "WEB",
      "url": "https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8G5-CGF2-4M4M

Vulnerability from github – Published: 2025-12-29 15:27 – Updated: 2025-12-29 15:27
VLAI
Summary
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Details

Summary

An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source.

Details

The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the case for getlincoef and _eval_length. This list is probably not exhaustive.

According to https://numpy.org/doc/stable/reference/security.html#advice-for-using-numpy-on-untrusted-data, the whole numpy.f2py should be considered unsafe when loading a pickle.

PoC

from numpy.f2py.crackfortran import getlincoef

class EvilClass:
    def __reduce__(self):
        payload = "__import__('os').system('echo \"successful attack\"')"
        return getlincoef, (payload, [])

Impact

Who is impacted? Any organization or individual relying on picklescan to detect malicious pickle files from untrusted sources. What is the impact? Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded. Supply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects.

Note

The problem was originally reported to the joblib project, but this was deemed unrelated to joblib itself. However, I checked that picklescan was indeed vulnerable.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "picklescan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-29T15:27:59Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nAn unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source.\n\n### Details\n\nThe `numpy.f2py.crackfortran` module exposes many functions that call `eval` on arbitrary strings of values. This is the case for `getlincoef` and `_eval_length`. This list is probably not exhaustive.\n\nAccording to https://numpy.org/doc/stable/reference/security.html#advice-for-using-numpy-on-untrusted-data, the whole `numpy.f2py` should be considered unsafe when loading a pickle.\n\n### PoC\n\n```python\nfrom numpy.f2py.crackfortran import getlincoef\n\nclass EvilClass:\n    def __reduce__(self):\n        payload = \"__import__(\u0027os\u0027).system(\u0027echo \\\"successful attack\\\"\u0027)\"\n        return getlincoef, (payload, [])\n```\n\n### Impact\n\nWho is impacted? Any organization or individual relying on `picklescan` to detect malicious pickle files from untrusted sources.\nWhat is the impact? Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded.\nSupply Chain Attack: Attackers can distribute infected pickle files across ML models, APIs, or saved Python objects.\n\n### Note\n\nThe problem was originally reported to the joblib project, but this was deemed unrelated to joblib itself. However, I checked that `picklescan` was indeed vulnerable.",
  "id": "GHSA-r8g5-cgf2-4m4m",
  "modified": "2025-12-29T15:27:59Z",
  "published": "2025-12-29T15:27:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-r8g5-cgf2-4m4m"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/pull/53"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mmaitre314/picklescan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef"
}

GHSA-R8HV-R9HQ-HVGJ

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-03T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file.",
  "id": "GHSA-r8hv-r9hq-hvgj",
  "modified": "2022-05-13T01:40:57Z",
  "published": "2022-05-13T01:40:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000148"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8JW-F89Q-P7G6

Vulnerability from github – Published: 2023-02-03 06:30 – Updated: 2023-02-13 15:30
VLAI
Details

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.",
  "id": "GHSA-r8jw-f89q-p7g6",
  "modified": "2023-02-13T15:30:26Z",
  "published": "2023-02-03T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25135"
    },
    {
      "type": "WEB",
      "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch"
    },
    {
      "type": "WEB",
      "url": "https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8PF-P598-JHPM

Vulnerability from github – Published: 2023-09-20 18:30 – Updated: 2023-11-03 12:30
VLAI
Details

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-20T18:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP \u0027unserialize()\u0027 function in multiple places. An example is the functionality to manage tables in \u0027tables.php\u0027 where the \u0027ma[]\u0027 POST parameter is deserialized.",
  "id": "GHSA-r8pf-p598-jhpm",
  "modified": "2023-11-03T12:30:31Z",
  "published": "2023-09-20T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40619"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8XJ-278C-2QV8

Vulnerability from github – Published: 2025-01-07 12:30 – Updated: 2026-04-01 18:33
VLAI
Details

Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T11:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.",
  "id": "GHSA-r8xj-278c-2qv8",
  "modified": "2026-04-01T18:33:01Z",
  "published": "2025-01-07T12:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49222"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.