Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
Medium
Vulnerability Details
The bug report at: https://bugs.php.net/bug.php?id=73367
The fix commit at: https://github.com/php/php-src/commit/0426b916df396a23e5c34514e4f2f0627efdcdf0
Actions
View on HackerOneReport Stats
- Report ID: 198723
- State: Closed
- Substate: resolved
- Upvotes: 4