Bug #89937

Insecure Deserialization when knowing encryptionKey in Extbase

Added by Oliver Hader over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2019-12-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Back-porting https://review.typo3.org/c/Packages/TYPO3.CMS/+/61223 might be the best way to do it.
However existing application might have use their own way in creating those requests with PHP's serialize - that's why


Related issues

Related to TYPO3 Core - Bug #89434: Action argument values will get lost on validation errorClosedAlexander Schnitzler2019-10-16

Actions
#1

Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62619

#2

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch TYPO3_8-7 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62620

#3

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62619

#4

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch TYPO3_8-7 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62620

#5

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch TYPO3_8-7 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62620

#6

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/62619

#7

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62695

#8

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62702

#9

Updated by Oliver Hader over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#10

Updated by Oliver Hader over 1 year ago

  • Related to Bug #89434: Action argument values will get lost on validation error added
#11

Updated by Oliver Hader over 1 year ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A08: Insecure Deserialization)
  • Target version deleted (public)
#12

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF