CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4798 vulnerabilities reference this CWE, most recent first.
GHSA-VFRJ-F292-3F24
Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2026-03-09 21:31SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
{
"affected": [],
"aliases": [
"CVE-2025-26399"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T05:15:35Z",
"severity": "CRITICAL"
},
"details": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.",
"id": "GHSA-vfrj-f292-3f24",
"modified": "2026-03-09T21:31:32Z",
"published": "2025-09-23T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26399"
},
{
"type": "WEB",
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
},
{
"type": "WEB",
"url": "https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VG2H-V64Q-H2QJ
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-08-01 21:31** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
{
"affected": [],
"aliases": [
"CVE-2024-4699"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:44:26Z",
"severity": "MODERATE"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",
"id": "GHSA-vg2h-v64q-h2qj",
"modified": "2024-08-01T21:31:40Z",
"published": "2024-05-14T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4699"
},
{
"type": "WEB",
"url": "https://github.com/I-Schnee-I/cev/blob/main/D-LINK-DAR-8000-10_rce_importhtml.md"
},
{
"type": "WEB",
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.263747"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.263747"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.331311"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VG45-QVVM-3P85
Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-03-24 21:31NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2026-24152"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T21:16:27Z",
"severity": "HIGH"
},
"details": "NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.",
"id": "GHSA-vg45-qvvm-3p85",
"modified": "2026-03-24T21:31:24Z",
"published": "2026-03-24T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24152"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5769"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VG8G-JPM9-JH8R
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2024-10-21 20:51An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyanyapi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16616"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-26T18:45:59Z",
"nvd_published_at": "2017-11-08T03:29:00Z",
"severity": "CRITICAL"
},
"details": "An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because `load` is used where `safe_load` should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.",
"id": "GHSA-vg8g-jpm9-jh8r",
"modified": "2024-10-21T20:51:43Z",
"published": "2022-05-13T01:44:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16616"
},
{
"type": "WEB",
"url": "https://github.com/Stranger6667/pyanyapi/issues/41"
},
{
"type": "WEB",
"url": "https://github.com/Stranger6667/pyanyapi/commit/810db626c18ebc261d5f4299d0f0eac38d5eb3cf"
},
{
"type": "PACKAGE",
"url": "https://github.com/Stranger6667/pyanyapi"
},
{
"type": "WEB",
"url": "https://github.com/Stranger6667/pyanyapi/releases/tag/0.6.1"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vg8g-jpm9-jh8r"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyanyapi/PYSEC-2017-23.yaml"
},
{
"type": "WEB",
"url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16616-yamlparser-in-pyanyapi"
},
{
"type": "WEB",
"url": "https://pypi.python.org/pypi/pyanyapi/0.6.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Unsafe pyyaml load usage in PyAnyAPI"
}
GHSA-VGVF-9JH3-FG75
Vulnerability from github – Published: 2018-10-19 16:46 – Updated: 2022-09-14 19:14A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.swagger:swagger-parser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.31"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.swagger:swagger-codegen"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-1000207"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:57:48Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A vulnerability in Swagger-Parser\u0027s version \u003c= 1.0.30 and Swagger codegen version \u003c= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the \u0027generate\u0027 and \u0027validate\u0027 command in swagger-codegen (\u003c= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.",
"id": "GHSA-vgvf-9jh3-fg75",
"modified": "2022-09-14T19:14:19Z",
"published": "2018-10-19T16:46:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000207"
},
{
"type": "WEB",
"url": "https://github.com/swagger-api/swagger-parser/pull/481"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vgvf-9jh3-fg75"
},
{
"type": "PACKAGE",
"url": "https://github.com/swagger-api/swagger-parser"
},
{
"type": "WEB",
"url": "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Deserialization of Untrusted Data in swagger-codegen"
}
GHSA-VH49-3Q2G-93GH
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2025-02-20 21:30The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
{
"affected": [],
"aliases": [
"CVE-2020-28339"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-07T19:15:00Z",
"severity": "HIGH"
},
"details": "The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.",
"id": "GHSA-vh49-3q2g-93gh",
"modified": "2025-02-20T21:30:39Z",
"published": "2022-05-24T17:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28339"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/usc-e-shop/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VHRG-V3CV-P247
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-03-05 22:11An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.2.RELEASE"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.RELEASE"
},
{
"fixed": "4.2.3.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0.M1"
},
{
"fixed": "5.0.0.M2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.0.M1"
]
}
],
"aliases": [
"CVE-2017-4995"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-30T19:40:27Z",
"nvd_published_at": "2017-11-27T10:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets.\" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security\u0027s Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) \"deserialization gadget\" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown \"deserialization gadgets\" when Spring Security enables default typing.",
"id": "GHSA-vhrg-v3cv-p247",
"modified": "2024-03-05T22:11:24Z",
"published": "2022-05-13T01:02:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4995"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-security/issues/4370"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2017-4995"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Deserialization of Untrusted Data in Spring Security"
}
GHSA-VJ2F-C594-7C7C
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2020-5664"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-16T05:15:00Z",
"severity": "CRITICAL"
},
"details": "Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.",
"id": "GHSA-vj2f-c594-7c7c",
"modified": "2022-05-24T17:34:22Z",
"published": "2022-05-24T17:34:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5664"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU92053563/index.html"
},
{
"type": "WEB",
"url": "https://xoonips.osdn.jp/modules/news/index.php?page=article\u0026storyid=13"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VJ3M-2G9H-VM4P
Vulnerability from github – Published: 2026-05-05 21:29 – Updated: 2026-05-05 21:29Multiple RCE vectors were found in Grav CMS. Three are critical, two are high.
1. Unsafe unserialize() in JobQueue — direct RCE gadget (Critical)
system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserialize(base64_decode(...)) without restricting allowed_classes. The Job class has call_user_func_array($this->command, $this->args) in its execution path, which is a direct gadget chain — inject a serialized Job with command = 'system' and args = ['whoami'].
The same codebase actually has a Serializable trait that correctly restricts classes, so this inconsistency stands out.
2. Unsafe unserialize() in FileCache — arbitrary class instantiation (Critical)
system/src/Grav/Framework/Cache/Adapter/FileCache.php:75 does unserialize($value, ['allowed_classes' => true]). That true allows instantiation of any class. If an attacker can write to the cache directory (via any file write primitive), they get object injection → RCE.
3. Unsafe unserialize() in Session (High)
system/src/Grav/Common/Session.php:116 — same allowed_classes => true pattern on session data. Lower severity since session storage is typically more restricted.
4. Command injection in git clone (Critical)
system/src/Grav/Console/Cli/InstallCommand.php:150 — only $this->destination uses escapeshellarg(). The $data['branch'], $data['url'], and $data['path'] variables go directly into the shell command without escaping. Admin-accessible via plugin/theme installation.
5. SSTI blocklist bypass (High)
system/src/Grav/Common/Security.php:267-286 — cleanDangerousTwig() blocks twig_array_map and twig_array_filter but not twig_array_reduce. Also missing file_get_contents and fwrite from the dangerous function blocklist. An attacker who can inject Twig templates can bypass the security filter.
All five are independently exploitable. The unserialize issues are the most concerning since they don't require admin access if there's any file write primitive.
— ProScan AppSec | proscan.one
Maintainer note — fix applied (2026-04-24)
Fixed in Grav core on the 2.0 branch: commit c66dfeb5f (items #1, #2, #3, #4) and commit 38685ac25 + c66dfeb5f (item #5) — ships in 2.0.0-beta.2.
All five vectors addressed:
-
Scheduler\JobQueue unsafe unserialize —
serialized_jobnow carries a siblingserialized_job_hmacsigned withSecurity::getNonceKey().reconstructJobrefuses to unserialize an item whose HMAC is missing/mismatched and falls through to the safe structured-fields rebuild. A tampered queue file can no longer smuggle a forgedJobfor direct RCE viaJob::exec → call_user_func_array.
→system/src/Grav/Common/Scheduler/JobQueue.php -
FileCache unsafe unserialize — same HMAC-integrity approach; see separate GHSA-gwfr-jfjf-92vv.
→system/src/Grav/Framework/Cache/Adapter/FileCache.php -
Session::getFlashObject unsafe unserialize — payload now wrapped in a
v2|<hmac>|<serialized>envelope; legacy/forged envelopes return null instead of triggeringunserialize.
→system/src/Grav/Common/Session.php -
InstallCommand
git cloneshell injection —branch,url, andpathvalues read fromuser/.dependenciesare now passed throughescapeshellarg, with a--separator before url/path to block option-injection (e.g.--upload-pack=evil).
→system/src/Grav/Console/Cli/InstallCommand.php -
SSTI blocklist bypass —
twig_array_reduce(the specific name called out) plustwig_array_someandtwig_array_everyadded tocleanDangerousTwig'sCALLABLE_DANGEROUS_NAMESalongside the existingtwig_array_map/filter. More importantly, the new Twig content sandbox in 2.0.0-beta.2 blocks this class of attack at a different layer — see the sandbox work in38685ac25.
→system/src/Grav/Common/Security.php
Tests:
- tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php — 8 cases covering JobQueue + Session HMAC integrity.
- tests/unit/Grav/Common/Security/FileCacheSecurityTest.php.
- tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php — new twig_array_* entries in providerCallbackFunctions.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getgrav/grav"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-beta.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-502",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T21:29:02Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Multiple RCE vectors were found in Grav CMS. Three are critical, two are high.\n\n**1. Unsafe unserialize() in JobQueue \u2014 direct RCE gadget (Critical)**\n\n`system/src/Grav/Common/Scheduler/JobQueue.php:465` calls `unserialize(base64_decode(...))` without restricting `allowed_classes`. The `Job` class has `call_user_func_array($this-\u003ecommand, $this-\u003eargs)` in its execution path, which is a direct gadget chain \u2014 inject a serialized `Job` with `command = \u0027system\u0027` and `args = [\u0027whoami\u0027]`.\n\nThe same codebase actually has a `Serializable` trait that correctly restricts classes, so this inconsistency stands out.\n\n**2. Unsafe unserialize() in FileCache \u2014 arbitrary class instantiation (Critical)**\n\n`system/src/Grav/Framework/Cache/Adapter/FileCache.php:75` does `unserialize($value, [\u0027allowed_classes\u0027 =\u003e true])`. That `true` allows instantiation of any class. If an attacker can write to the cache directory (via any file write primitive), they get object injection \u2192 RCE.\n\n**3. Unsafe unserialize() in Session (High)**\n\n`system/src/Grav/Common/Session.php:116` \u2014 same `allowed_classes =\u003e true` pattern on session data. Lower severity since session storage is typically more restricted.\n\n**4. Command injection in git clone (Critical)**\n\n`system/src/Grav/Console/Cli/InstallCommand.php:150` \u2014 only `$this-\u003edestination` uses `escapeshellarg()`. The `$data[\u0027branch\u0027]`, `$data[\u0027url\u0027]`, and `$data[\u0027path\u0027]` variables go directly into the shell command without escaping. Admin-accessible via plugin/theme installation.\n\n**5. SSTI blocklist bypass (High)**\n\n`system/src/Grav/Common/Security.php:267-286` \u2014 `cleanDangerousTwig()` blocks `twig_array_map` and `twig_array_filter` but not `twig_array_reduce`. Also missing `file_get_contents` and `fwrite` from the dangerous function blocklist. An attacker who can inject Twig templates can bypass the security filter.\n\nAll five are independently exploitable. The unserialize issues are the most concerning since they don\u0027t require admin access if there\u0027s any file write primitive.\n\n\u2014 ProScan AppSec | proscan.one\n\n\n---\n\n## Maintainer note \u2014 fix applied (2026-04-24)\n\nFixed in Grav core on the `2.0` branch: commit [`c66dfeb5f`](https://github.com/getgrav/grav/commit/c66dfeb5f) (items #1, #2, #3, #4) and commit [`38685ac25`](https://github.com/getgrav/grav/commit/38685ac25) + [`c66dfeb5f`](https://github.com/getgrav/grav/commit/c66dfeb5f) (item #5) \u2014 ships in **2.0.0-beta.2**.\n\nAll five vectors addressed:\n\n1. **Scheduler\\JobQueue unsafe unserialize** \u2014 `serialized_job` now carries a sibling `serialized_job_hmac` signed with `Security::getNonceKey()`. `reconstructJob` refuses to unserialize an item whose HMAC is missing/mismatched and falls through to the safe structured-fields rebuild. A tampered queue file can no longer smuggle a forged `Job` for direct RCE via `Job::exec \u2192 call_user_func_array`. \n \u2192 [`system/src/Grav/Common/Scheduler/JobQueue.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Scheduler/JobQueue.php)\n\n2. **FileCache unsafe unserialize** \u2014 same HMAC-integrity approach; see separate GHSA-gwfr-jfjf-92vv. \n \u2192 [`system/src/Grav/Framework/Cache/Adapter/FileCache.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Framework/Cache/Adapter/FileCache.php)\n\n3. **Session::getFlashObject unsafe unserialize** \u2014 payload now wrapped in a `v2|\u003chmac\u003e|\u003cserialized\u003e` envelope; legacy/forged envelopes return null instead of triggering `unserialize`. \n \u2192 [`system/src/Grav/Common/Session.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Session.php)\n\n4. **InstallCommand `git clone` shell injection** \u2014 `branch`, `url`, and `path` values read from `user/.dependencies` are now passed through `escapeshellarg`, with a `--` separator before url/path to block option-injection (e.g. `--upload-pack=evil`). \n \u2192 [`system/src/Grav/Console/Cli/InstallCommand.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Console/Cli/InstallCommand.php)\n\n5. **SSTI blocklist bypass** \u2014 `twig_array_reduce` (the specific name called out) plus `twig_array_some` and `twig_array_every` added to `cleanDangerousTwig`\u0027s `CALLABLE_DANGEROUS_NAMES` alongside the existing `twig_array_map`/`filter`. More importantly, the new Twig content sandbox in 2.0.0-beta.2 blocks this class of attack at a different layer \u2014 see the sandbox work in [`38685ac25`](https://github.com/getgrav/grav/commit/38685ac25). \n \u2192 [`system/src/Grav/Common/Security.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Security.php)\n\n**Tests:**\n- [`tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php) \u2014 8 cases covering JobQueue + Session HMAC integrity.\n- [`tests/unit/Grav/Common/Security/FileCacheSecurityTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/FileCacheSecurityTest.php).\n- [`tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php) \u2014 new `twig_array_*` entries in `providerCallbackFunctions`.",
"id": "GHSA-vj3m-2g9h-vm4p",
"modified": "2026-05-05T21:29:02Z",
"published": "2026-05-05T21:29:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-vj3m-2g9h-vm4p"
},
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/commit/5a12f9be8314682c8713e569e330f11805d0a663"
},
{
"type": "PACKAGE",
"url": "https://github.com/getgrav/grav"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass"
}
GHSA-VJ47-XVV7-VCR5
Vulnerability from github – Published: 2023-12-20 15:30 – Updated: 2026-04-28 21:33Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.
{
"affected": [],
"aliases": [
"CVE-2023-47507"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-20T14:15:21Z",
"severity": "HIGH"
},
"details": "Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.",
"id": "GHSA-vj47-xvv7-vcr5",
"modified": "2026-04-28T21:33:27Z",
"published": "2023-12-20T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47507"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.