Add unserialize_noclass

author: jvoisin 2022-12-07 21:02:22 +0100
committer: jvoisin 2022-12-08 20:55:46 +0100
commit: ccfaf3e4713b1878241f1235a6fcb66ad0582d47 (patch)
tree: 97dcd84aed33b1d98095d0cf3f467e9dfb975f0c /doc/source/features.rst
parent: 5966fefb9a291bd0eecd0fff9396b2b6cea4a62e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 25fd62d..60dbbef 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -166,6 +166,8 @@ CVE-2016-9138 <https://bugs.php.net/bug.php?id=73147>`_, `2016-7124
 <https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773
 <https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.
+A less subtle mitigation can be used to simply prevent the deserialization of objects altogether.
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
author	jvoisin	2022-12-07 21:02:22 +0100
committer	jvoisin	2022-12-08 20:55:46 +0100
commit	ccfaf3e4713b1878241f1235a6fcb66ad0582d47 (patch)
tree	97dcd84aed33b1d98095d0cf3f467e9dfb975f0c /doc/source/features.rst
parent	5966fefb9a291bd0eecd0fff9396b2b6cea4a62e (diff)

diff --git a/doc/source/features.rst b/doc/source/features.rst index 25fd62d..60dbbef 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst
@@ -166,6 +166,8 @@ CVE-2016-9138 <https://bugs.php.net/bug.php?id=73147>`_, `2016-7124
166	<https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773	166	<https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773
167	<https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.	167	<https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.
168		168
		169	A less subtle mitigation can be used to simply prevent the deserialization of objects altogether.
		170
169		171
170	Examples of related vulnerabilities	172	Examples of related vulnerabilities
171	"""""""""""""""""""""""""""""""""""	173	"""""""""""""""""""""""""""""""""""