[SECURITY] Prevent destructors with side-effects from being unserialized (ab4fec2a) · Commits · TYPO3 / TYPO3.CMS

Commit ab4fec2a authored 4 years ago by

Oliver Hader Committed by Oliver Hader 4 years ago

[SECURITY] Prevent destructors with side-effects from being unserialized

Deserialization of objects could lead to arbitrary removal of resources
as well as sending out message via mail.

Resolves: #88573
Resolves: #90316
Releases: master, 9.5
Change-Id: I3f77928203f4929bc715f548fb9bfdc0cd749e93
Security-Bulletin: TYPO3-CORE-SA-2020-004
Security-References: CVE-2020-11066
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64468


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

parent 0040b7b3

Branches