Task #90010: Enable PharMetaDataInterceptor - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Task #90010

closed

Enable PharMetaDataInterceptor

Added by Oliver Hader almost 5 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Oliver Hader

Category:

Security

Target version:

Start date:

2019-12-24

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

Enable experimental checking of serialized Phar meta-data against PHP objects. This would consider a Phar archive malicious in case not only scalar values are found. A custom low-level Phar\Reader is used in order to avoid using PHP's Phar object which would trigger the initial vulnerability.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Task #90010

Enable PharMetaDataInterceptor

Updated by Gerrit Code Review almost 5 years ago

Updated by Gerrit Code Review almost 5 years ago

Updated by Oliver Hader almost 5 years ago

Updated by Benni Mack over 4 years ago