Hi Stas,

> -----Original Message-----
> From: Stanislav Malyshev [mailto:smalys...@gmail.com]
> Sent: Tuesday, November 1, 2016 6:14 PM
> To: Nikita Popov <nikita....@gmail.com>
> Cc: Anatol Belski <anatol....@belski.net>; PHP Internals
> <internals@lists.php.net>; Remi Collet <r...@fedoraproject.org>
> Subject: Re: [PHP-DEV] bug classification discussion
>
> Hi!
>
> > I'm also wondering under which category unserialize() issues would
> > (usually) fall. I'd assume "low" (because requires documented insecure
> > code + well known class of vulnerabilities).
>
> I'd say medium. While it's documented that unserializing external strings is
> unsafe, there is code out there that does exactly that.
> Especially older code from times before JSON was mainstream.
>

I can do that.

Regards

Anatol