Fix h1 report 175626
Deserialization of Untrusted Data
---------------------------------

HackerOne user Nicolas Grégoire - Agarri has reported that Revive Adserver was unserializing untrusted data submitted via cookies in the delivery scripts. An attacker could use such a vector to either perform generic RCE attacks (e.g. when a vulnerable PHP version is being used) or, potentially, application-specific attacks.

CWE-ID: CWE-502
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVSSv3 Base Score: 9.8
CVSSv3 Temporal Score: 8.5
Changed files (25 additions, 19 deletions):
- +6 −4 lib/max/Delivery/querystring.php
- +17 −13 www/delivery_dev/afr.php
- +2 −2 www/delivery_dev/avw.php
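The pattern the advisory above describes, shown as an added illustration that is not code from Revive Adserver or from this commit: a cookie value passed straight to `unserialize()`, a constructed gadget class whose `__destruct()` is triggered by it, and two safer replacements. The class name `TempFileCleaner`, the cookie name `OACAP`, the function names and the int => int cookie layout are all hypothetical assumptions; the project's actual fix lives in the three files listed above and is not reproduced here.

```php
<?php
// Added illustration, not Revive Adserver code. All names are hypothetical.

// Any class with a magic method that is loadable when unserialize() runs is
// a potential gadget: the attacker chooses the class and its property values.
class TempFileCleaner
{
    public string $path;

    public function __construct(string $path)
    {
        $this->path = $path;
    }

    // Runs when the object is released, with the attacker-chosen $path.
    public function __destruct()
    {
        if (is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// VULNERABLE (the pattern the advisory describes): a cookie goes straight
// into unserialize(), so the client can instantiate any loadable class.
function readCapsVulnerable(array $cookies): array
{
    $raw  = $cookies['OACAP'] ?? '';
    $data = @unserialize($raw);
    return is_array($data) ? $data : [];
}

// HARDENED: the cookie is only ever expected to hold int => int pairs, so
// parse it as data (JSON) and validate the shape. json_decode() cannot
// instantiate classes, and the allow-list drops anything unexpected.
function readCapsHardened(array $cookies): array
{
    $raw  = $cookies['OACAP'] ?? '';
    $data = json_decode($raw, true, 4);
    if (!is_array($data)) {
        return [];
    }
    $out = [];
    foreach ($data as $k => $v) {
        if (is_int($k) && is_int($v) && $k >= 0 && $v >= 0) {
            $out[$k] = $v;
        }
    }
    return $out;
}

// DEFENSE IN DEPTH if the serialized format must stay for compatibility:
// forbid every class, so objects arrive as __PHP_Incomplete_Class and no
// magic method ever runs (allowed_classes needs PHP >= 7.0).
function readCapsNoClasses(array $cookies): array
{
    $raw  = $cookies['OACAP'] ?? '';
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// Attacker-side: build the serialized bytes by hand, as a real attacker
// would (instantiating the class locally would fire its destructor).
function gadgetCookie(string $path): string
{
    return sprintf('O:15:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}',
                   strlen($path), $path);
}

// --- Constructed demo ---
$victim = tempnam(sys_get_temp_dir(), 'victim');
readCapsVulnerable(['OACAP' => gadgetCookie($victim)]);
var_dump(file_exists($victim));   // the destructor ran: the file is gone

$victim2 = tempnam(sys_get_temp_dir(), 'victim');
readCapsNoClasses(['OACAP' => gadgetCookie($victim2)]);
var_dump(file_exists($victim2));  // no class instantiated: file still there
unlink($victim2);

// Non-numeric keys and string values are discarded by the allow-list.
var_dump(readCapsHardened(['OACAP' => '{"1":3,"7":1,"x":"y"}']));
```

The gadget here is deliberately mundane (a file deletion) because the point is the mechanism, not a specific chain: whatever classes the application or its dependencies autoload at delivery time are what an attacker can reach through `unserialize()`. Switching the cookie format to JSON removes the object-instantiation capability entirely; `allowed_classes => false` is the fallback when the wire format cannot change, and it still leaves the raw parser exposed to any bugs in the running PHP version, which is the "generic RCE" case the advisory mentions.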