Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4798 vulnerabilities reference this CWE, most recent first.

GHSA-VFRJ-F292-3F24

Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2026-03-09 21:31
VLAI
Details

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T05:15:35Z",
    "severity": "CRITICAL"
  },
  "details": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.",
  "id": "GHSA-vfrj-f292-3f24",
  "modified": "2026-03-09T21:31:32Z",
  "published": "2025-09-23T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26399"
    },
    {
      "type": "WEB",
      "url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
    },
    {
      "type": "WEB",
      "url": "https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VG2H-V64Q-H2QJ

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-08-01 21:31
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:44:26Z",
    "severity": "MODERATE"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",
  "id": "GHSA-vg2h-v64q-h2qj",
  "modified": "2024-08-01T21:31:40Z",
  "published": "2024-05-14T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4699"
    },
    {
      "type": "WEB",
      "url": "https://github.com/I-Schnee-I/cev/blob/main/D-LINK-DAR-8000-10_rce_importhtml.md"
    },
    {
      "type": "WEB",
      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.263747"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.263747"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.331311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VG45-QVVM-3P85

Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-03-24 21:31
VLAI
Details

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-24T21:16:27Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.",
  "id": "GHSA-vg45-qvvm-3p85",
  "modified": "2026-03-24T21:31:24Z",
  "published": "2026-03-24T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24152"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5769"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VG8G-JPM9-JH8R

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2024-10-21 20:51
VLAI
Summary
Unsafe pyyaml load usage in PyAnyAPI
Details

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyanyapi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-26T18:45:59Z",
    "nvd_published_at": "2017-11-08T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because `load` is used where `safe_load` should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.",
  "id": "GHSA-vg8g-jpm9-jh8r",
  "modified": "2024-10-21T20:51:43Z",
  "published": "2022-05-13T01:44:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Stranger6667/pyanyapi/issues/41"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Stranger6667/pyanyapi/commit/810db626c18ebc261d5f4299d0f0eac38d5eb3cf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Stranger6667/pyanyapi"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Stranger6667/pyanyapi/releases/tag/0.6.1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vg8g-jpm9-jh8r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyanyapi/PYSEC-2017-23.yaml"
    },
    {
      "type": "WEB",
      "url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16616-yamlparser-in-pyanyapi"
    },
    {
      "type": "WEB",
      "url": "https://pypi.python.org/pypi/pyanyapi/0.6.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Unsafe pyyaml load usage in PyAnyAPI"
}

GHSA-VGVF-9JH3-FG75

Vulnerability from github – Published: 2018-10-19 16:46 – Updated: 2022-09-14 19:14
VLAI
Summary
Deserialization of Untrusted Data in swagger-codegen
Details

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.swagger:swagger-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.swagger:swagger-codegen"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1000207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:57:48Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "A vulnerability in Swagger-Parser\u0027s version \u003c= 1.0.30 and Swagger codegen version \u003c= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the \u0027generate\u0027 and \u0027validate\u0027 command in swagger-codegen (\u003c= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.",
  "id": "GHSA-vgvf-9jh3-fg75",
  "modified": "2022-09-14T19:14:19Z",
  "published": "2018-10-19T16:46:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000207"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-parser/pull/481"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vgvf-9jh3-fg75"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/swagger-api/swagger-parser"
    },
    {
      "type": "WEB",
      "url": "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deserialization of Untrusted Data in swagger-codegen"
}

GHSA-VH49-3Q2G-93GH

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2025-02-20 21:30
VLAI
Details

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-07T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.",
  "id": "GHSA-vh49-3q2g-93gh",
  "modified": "2025-02-20T21:30:39Z",
  "published": "2022-05-24T17:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28339"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/usc-e-shop/#developers"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHRG-V3CV-P247

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-03-05 22:11
VLAI
Summary
Deserialization of Untrusted Data in Spring Security
Details

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.2.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.RELEASE"
            },
            {
              "fixed": "4.2.3.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0.M1"
            },
            {
              "fixed": "5.0.0.M2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.0.0.M1"
      ]
    }
  ],
  "aliases": [
    "CVE-2017-4995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-30T19:40:27Z",
    "nvd_published_at": "2017-11-27T10:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets.\" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security\u0027s Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) \"deserialization gadget\" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown \"deserialization gadgets\" when Spring Security enables default typing.",
  "id": "GHSA-vhrg-v3cv-p247",
  "modified": "2024-03-05T22:11:24Z",
  "published": "2022-05-13T01:02:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4995"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/issues/1599"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-security/issues/4370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2017-4995"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deserialization of Untrusted Data in Spring Security"
}

GHSA-VJ2F-C594-7C7C

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-16T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.",
  "id": "GHSA-vj2f-c594-7c7c",
  "modified": "2022-05-24T17:34:22Z",
  "published": "2022-05-24T17:34:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5664"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU92053563/index.html"
    },
    {
      "type": "WEB",
      "url": "https://xoonips.osdn.jp/modules/news/index.php?page=article\u0026storyid=13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VJ3M-2G9H-VM4P

Vulnerability from github – Published: 2026-05-05 21:29 – Updated: 2026-05-05 21:29
VLAI
Summary
Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass
Details

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high.

1. Unsafe unserialize() in JobQueue — direct RCE gadget (Critical)

system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserialize(base64_decode(...)) without restricting allowed_classes. The Job class has call_user_func_array($this->command, $this->args) in its execution path, which is a direct gadget chain — inject a serialized Job with command = 'system' and args = ['whoami'].

The same codebase actually has a Serializable trait that correctly restricts classes, so this inconsistency stands out.

2. Unsafe unserialize() in FileCache — arbitrary class instantiation (Critical)

system/src/Grav/Framework/Cache/Adapter/FileCache.php:75 does unserialize($value, ['allowed_classes' => true]). That true allows instantiation of any class. If an attacker can write to the cache directory (via any file write primitive), they get object injection → RCE.

3. Unsafe unserialize() in Session (High)

system/src/Grav/Common/Session.php:116 — same allowed_classes => true pattern on session data. Lower severity since session storage is typically more restricted.

4. Command injection in git clone (Critical)

system/src/Grav/Console/Cli/InstallCommand.php:150 — only $this->destination uses escapeshellarg(). The $data['branch'], $data['url'], and $data['path'] variables go directly into the shell command without escaping. Admin-accessible via plugin/theme installation.

5. SSTI blocklist bypass (High)

system/src/Grav/Common/Security.php:267-286cleanDangerousTwig() blocks twig_array_map and twig_array_filter but not twig_array_reduce. Also missing file_get_contents and fwrite from the dangerous function blocklist. An attacker who can inject Twig templates can bypass the security filter.

All five are independently exploitable. The unserialize issues are the most concerning since they don't require admin access if there's any file write primitive.

— ProScan AppSec | proscan.one


Maintainer note — fix applied (2026-04-24)

Fixed in Grav core on the 2.0 branch: commit c66dfeb5f (items #1, #2, #3, #4) and commit 38685ac25 + c66dfeb5f (item #5) — ships in 2.0.0-beta.2.

All five vectors addressed:

  1. Scheduler\JobQueue unsafe unserializeserialized_job now carries a sibling serialized_job_hmac signed with Security::getNonceKey(). reconstructJob refuses to unserialize an item whose HMAC is missing/mismatched and falls through to the safe structured-fields rebuild. A tampered queue file can no longer smuggle a forged Job for direct RCE via Job::exec → call_user_func_array.
    system/src/Grav/Common/Scheduler/JobQueue.php

  2. FileCache unsafe unserialize — same HMAC-integrity approach; see separate GHSA-gwfr-jfjf-92vv.
    system/src/Grav/Framework/Cache/Adapter/FileCache.php

  3. Session::getFlashObject unsafe unserialize — payload now wrapped in a v2|<hmac>|<serialized> envelope; legacy/forged envelopes return null instead of triggering unserialize.
    system/src/Grav/Common/Session.php

  4. InstallCommand git clone shell injectionbranch, url, and path values read from user/.dependencies are now passed through escapeshellarg, with a -- separator before url/path to block option-injection (e.g. --upload-pack=evil).
    system/src/Grav/Console/Cli/InstallCommand.php

  5. SSTI blocklist bypasstwig_array_reduce (the specific name called out) plus twig_array_some and twig_array_every added to cleanDangerousTwig's CALLABLE_DANGEROUS_NAMES alongside the existing twig_array_map/filter. More importantly, the new Twig content sandbox in 2.0.0-beta.2 blocks this class of attack at a different layer — see the sandbox work in 38685ac25.
    system/src/Grav/Common/Security.php

Tests: - tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php — 8 cases covering JobQueue + Session HMAC integrity. - tests/unit/Grav/Common/Security/FileCacheSecurityTest.php. - tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php — new twig_array_* entries in providerCallbackFunctions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T21:29:02Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Multiple RCE vectors were found in Grav CMS. Three are critical, two are high.\n\n**1. Unsafe unserialize() in JobQueue \u2014 direct RCE gadget (Critical)**\n\n`system/src/Grav/Common/Scheduler/JobQueue.php:465` calls `unserialize(base64_decode(...))` without restricting `allowed_classes`. The `Job` class has `call_user_func_array($this-\u003ecommand, $this-\u003eargs)` in its execution path, which is a direct gadget chain \u2014 inject a serialized `Job` with `command = \u0027system\u0027` and `args = [\u0027whoami\u0027]`.\n\nThe same codebase actually has a `Serializable` trait that correctly restricts classes, so this inconsistency stands out.\n\n**2. Unsafe unserialize() in FileCache \u2014 arbitrary class instantiation (Critical)**\n\n`system/src/Grav/Framework/Cache/Adapter/FileCache.php:75` does `unserialize($value, [\u0027allowed_classes\u0027 =\u003e true])`. That `true` allows instantiation of any class. If an attacker can write to the cache directory (via any file write primitive), they get object injection \u2192 RCE.\n\n**3. Unsafe unserialize() in Session (High)**\n\n`system/src/Grav/Common/Session.php:116` \u2014 same `allowed_classes =\u003e true` pattern on session data. Lower severity since session storage is typically more restricted.\n\n**4. Command injection in git clone (Critical)**\n\n`system/src/Grav/Console/Cli/InstallCommand.php:150` \u2014 only `$this-\u003edestination` uses `escapeshellarg()`. The `$data[\u0027branch\u0027]`, `$data[\u0027url\u0027]`, and `$data[\u0027path\u0027]` variables go directly into the shell command without escaping. Admin-accessible via plugin/theme installation.\n\n**5. SSTI blocklist bypass (High)**\n\n`system/src/Grav/Common/Security.php:267-286` \u2014 `cleanDangerousTwig()` blocks `twig_array_map` and `twig_array_filter` but not `twig_array_reduce`. Also missing `file_get_contents` and `fwrite` from the dangerous function blocklist. An attacker who can inject Twig templates can bypass the security filter.\n\nAll five are independently exploitable. The unserialize issues are the most concerning since they don\u0027t require admin access if there\u0027s any file write primitive.\n\n\u2014 ProScan AppSec | proscan.one\n\n\n---\n\n## Maintainer note \u2014 fix applied (2026-04-24)\n\nFixed in Grav core on the `2.0` branch: commit [`c66dfeb5f`](https://github.com/getgrav/grav/commit/c66dfeb5f) (items #1, #2, #3, #4) and commit [`38685ac25`](https://github.com/getgrav/grav/commit/38685ac25) + [`c66dfeb5f`](https://github.com/getgrav/grav/commit/c66dfeb5f) (item #5) \u2014 ships in **2.0.0-beta.2**.\n\nAll five vectors addressed:\n\n1. **Scheduler\\JobQueue unsafe unserialize** \u2014 `serialized_job` now carries a sibling `serialized_job_hmac` signed with `Security::getNonceKey()`. `reconstructJob` refuses to unserialize an item whose HMAC is missing/mismatched and falls through to the safe structured-fields rebuild. A tampered queue file can no longer smuggle a forged `Job` for direct RCE via `Job::exec \u2192 call_user_func_array`.  \n   \u2192 [`system/src/Grav/Common/Scheduler/JobQueue.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Scheduler/JobQueue.php)\n\n2. **FileCache unsafe unserialize** \u2014 same HMAC-integrity approach; see separate GHSA-gwfr-jfjf-92vv.  \n   \u2192 [`system/src/Grav/Framework/Cache/Adapter/FileCache.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Framework/Cache/Adapter/FileCache.php)\n\n3. **Session::getFlashObject unsafe unserialize** \u2014 payload now wrapped in a `v2|\u003chmac\u003e|\u003cserialized\u003e` envelope; legacy/forged envelopes return null instead of triggering `unserialize`.  \n   \u2192 [`system/src/Grav/Common/Session.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Session.php)\n\n4. **InstallCommand `git clone` shell injection** \u2014 `branch`, `url`, and `path` values read from `user/.dependencies` are now passed through `escapeshellarg`, with a `--` separator before url/path to block option-injection (e.g. `--upload-pack=evil`).  \n   \u2192 [`system/src/Grav/Console/Cli/InstallCommand.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Console/Cli/InstallCommand.php)\n\n5. **SSTI blocklist bypass** \u2014 `twig_array_reduce` (the specific name called out) plus `twig_array_some` and `twig_array_every` added to `cleanDangerousTwig`\u0027s `CALLABLE_DANGEROUS_NAMES` alongside the existing `twig_array_map`/`filter`. More importantly, the new Twig content sandbox in 2.0.0-beta.2 blocks this class of attack at a different layer \u2014 see the sandbox work in [`38685ac25`](https://github.com/getgrav/grav/commit/38685ac25).  \n   \u2192 [`system/src/Grav/Common/Security.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Security.php)\n\n**Tests:**\n- [`tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/UnserializeIntegritySecurityTest.php) \u2014 8 cases covering JobQueue + Session HMAC integrity.\n- [`tests/unit/Grav/Common/Security/FileCacheSecurityTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/FileCacheSecurityTest.php).\n- [`tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/CleanDangerousTwigTest.php) \u2014 new `twig_array_*` entries in `providerCallbackFunctions`.",
  "id": "GHSA-vj3m-2g9h-vm4p",
  "modified": "2026-05-05T21:29:02Z",
  "published": "2026-05-05T21:29:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-vj3m-2g9h-vm4p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/5a12f9be8314682c8713e569e330f11805d0a663"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass"
}

GHSA-VJ47-XVV7-VCR5

Vulnerability from github – Published: 2023-12-20 15:30 – Updated: 2026-04-28 21:33
VLAI
Details

Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-20T14:15:21Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.",
  "id": "GHSA-vj47-xvv7-vcr5",
  "modified": "2026-04-28T21:33:27Z",
  "published": "2023-12-20T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47507"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.