1 article with this tag
PHP object injection (CWE-502) in Mirasvit Full Page Cache Warmer for Magento 2 before 1.11.12 leads to unauthenticated remote code execution (RCE). CVSS 9.3. The real fix is updating to 1.11.12 or later. The root rule: never deserialize untrusted data.