Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)
Vulnerability Description
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serialized string (e.g. by overwriting a cached token file or via another injection) can supply a serialized "gadget" object. When unserialize() runs, PHP instantiates that object and runs its magic methods (__wakeup, __destruct, etc.), leading to object injection. In environments with common dependencies (e.g. Monolog), this can be chained to remote code execution (RCE). The fix in version 4.0.0 removes PHP serialization from the AccessTokenAuthenticator class requiring users to store and resolve the authenticator manually.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Saloon 代码问题漏洞
Vulnerability Description
Saloon是Saloon PHP开源的一个PHP API集成与SDK构建库。 Saloon 4.0.0之前版本存在代码问题漏洞,该漏洞源于AccessTokenAuthenticator::unserialize()使用PHP的unserialize()恢复OAuth令牌状态,可能导致对象注入和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A