MISP – PHAR deserialization
CIRCL – Computer Incident Response Center Luxembourg
Update to MISP version 2.4.158
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur, allowing authenticated users to execute code on the MISP operating system.
This vulnerability includes multiple PHAR deserialization occurrences that could be exploited in various places.
The most dangerous occurrence was fixed in version 2.4.157.
Ianis Bernard from NATO Cyber Security Centre