First published: Mon May 06 2019
By-passing Protection of PharStreamWrapper Interceptor
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/drupal/core | >=7.0.0<7.67.0, >=8.0.0<8.1.0, >=8.1.0<8.2.0, >=8.2.0<8.3.0, >=8.3.0<8.4.0, >=8.4.0<8.5.0, >=8.5.0<8.6.0, >=8.6.0<8.6.16, >=8.7.0<8.7.1 | |
composer/drupal/drupal | >=7.0.0<7.67.0, >=8.0.0<8.1.0, >=8.1.0<8.2.0, >=8.2.0<8.3.0, >=8.3.0<8.4.0, >=8.4.0<8.5.0, >=8.5.0<8.6.0, >=8.6.0<8.6.16, >=8.7.0<8.7.1 | |
composer/typo3/phar-stream-wrapper | >=2.0.0<2.1.1, >=3.0.0<3.1.1 | |
debian/drupal7 | | |
Typo3 Pharstreamwrapper | >=2.0.0<2.1.1 | |
Typo3 Pharstreamwrapper | >=3.0.0<3.1.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Drupal Drupal | >=7.0<7.67 | |
Drupal Drupal | >=8.6.0<8.6.16 | |
Drupal Drupal | >=8.7.0<8.7.1 | |
Joomla Joomla! | >=3.9.3<=3.9.5 | |
composer/drupal/drupal | >=8.7.0<8.7.1 | 8.7.1 |
composer/drupal/drupal | >=8.0.0<8.6.16 | 8.6.16 |
composer/drupal/drupal | >=7.0.0<7.67.0 | 7.67.0 |
composer/drupal/core | >=8.7.0<8.7.1 | 8.7.1 |
composer/drupal/core | >=8.0.0<8.6.16 | 8.6.16 |
composer/drupal/core | >=7.0.0<7.67.0 | 7.67.0 |
composer/typo3/phar-stream-wrapper | >=3.0.0<3.1.1 | 3.1.1 |
composer/typo3/phar-stream-wrapper | >=2.0.0<2.1.1 | 2.1.1 |
CVE-2019-11831 is a vulnerability that allows attackers to bypass a deserialization protection mechanism in the PharStreamWrapper package.
Per the table above, the affected software includes the TYPO3 PharStreamWrapper package 2.x before 2.1.1 and 3.x before 3.1.1, Drupal 7 before 7.67.0, Drupal 8 before 8.6.16 and 8.7.0 (fixed in 8.7.1), and Joomla! 3.9.3 through 3.9.5.
CVE-2019-11831 has a severity rating of 9.8 (Critical).
To fix CVE-2019-11831, update the PharStreamWrapper package to version 2.1.1 or 3.1.1, and update TYPO3 and Drupal to the latest versions.
You can find more information about CVE-2019-11831 at the following references: [Drupal Advisory](https://www.drupal.org/SA-CORE-2019-007), [TYPO3 Advisory](https://typo3.org/security/advisory/typo3-psa-2019-007), and [SecurityFocus BID](http://www.securityfocus.com/bid/108302).