From this webpage screenshot, the following key information about the vulnerability can be obtained:

- **Submission Details**:
  - Submission ID: 812f2a7
  - Submitters: TeaAlex and cap-collectif-github-bot
  - Submission Time: 2 weeks ago
  - Submission Description: Fix security vulnerability (#18174)
- **Modified Files and Code Changes**:
  - 3 files modified, with a total of +3 -3 lines of code.
  - File paths and specific changes:
    - src/Capco/AppBundle/GraphQL/Resolver/Debate/DebateAlternateArgumentsResolver.php
      - Line 131: Changed `unserialize(base64_decode($cursor))` to `unserialize(base64_decode($cursor), ['allowed_classes' => false])`
    - src/Capco/AppBundle/Router/DefaultPatternGenerationStrategy.php
      - Line 79: Changed `foreach (unserialize(file_get_contents($metadata)) as $resource)` to `foreach (unserialize(file_get_contents($metadata), ['allowed_class' => false]) as $resource)`
    - src/Capco/UserBundle/Security/Http/Logout/LogoutSuccessHandler.php
      - Line 61: Changed `$data = unserialize($theToken);` to `$data = unserialize($theToken, ['allowed_class' => false]);`
- **Key Fix Points**:
  - The `['allowed_classes' => false]` parameter was added to all instances of the `unserialize` function to prevent deserialization attacks.

These changes indicate that the submission was primarily aimed at fixing security vulnerabilities related to unsafe deserialization.
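
Review bot: the value returned at line 131 of src/Capco/AppBundle/GraphQL/Resolver/Debate/DebateAlternateArgumentsResolver.php should be validated before it is used. With `['allowed_classes' => false]`, an object in the decoded `$cursor` comes back as `__PHP_Incomplete_Class` and a malformed payload returns `false`, so the resolver should reject anything that is not the expected scalar or array shape.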
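
Review bot: the option key at line 79 of src/Capco/AppBundle/Router/DefaultPatternGenerationStrategy.php is spelled `allowed_class`, not `allowed_classes`. PHP's `unserialize()` ignores option keys it does not recognise, so as listed this call still instantiates any class named in the data read from `$metadata`. Use `['allowed_classes' => false]`, matching line 131 of the resolver.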
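
Review bot: line 61 of src/Capco/UserBundle/Security/Http/Logout/LogoutSuccessHandler.php passes `['allowed_class' => false]`, and the recognised key is `allowed_classes`. With the misspelled key the option has no effect and `unserialize($theToken, ...)` behaves like the original one-argument call. Change the key to `allowed_classes`.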
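
The following added example (not code from the commit or the project) shows what the `allowed_classes` option changes at runtime: with the correct key the object is replaced by `__PHP_Incomplete_Class` and its `__wakeup()` never runs, while an unrecognised key such as `allowed_class` leaves the default behaviour in place. The `Probe` class, the `inspect()` helper and the payload are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for any class whose magic methods run during unserialize().
final class Probe
{
    public static int $wakeups = 0;
    public string $label = 'constructed';

    public function __wakeup(): void
    {
        // Side effect that only happens if unserialize() instantiates the class.
        self::$wakeups++;
    }
}

/** Report what unserialize() produced for a given options array. */
function inspect(string $payload, array $options): array
{
    Probe::$wakeups = 0;
    $value = unserialize($payload, $options);

    return [
        'type'    => is_object($value) ? get_class($value) : gettype($value),
        'wakeups' => Probe::$wakeups,
    ];
}

$payload = serialize(new Probe());   // constructed sample input

$cases = [
    'no options'               => [],
    'allowed_classes => false' => ['allowed_classes' => false],
    'allowed_class => false'   => ['allowed_class' => false],   // misspelled key
];

foreach ($cases as $name => $options) {
    $r = inspect($payload, $options);
    printf("%-26s type=%-24s __wakeup calls=%d\n", $name, $r['type'], $r['wakeups']);
}

// Plain arrays and scalars still round-trip when classes are disallowed.
var_dump(unserialize(serialize(['after' => 42]), ['allowed_classes' => false]));
```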