Description
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)
Squid Improper Input Validation Vulnerability (CVE-2015-3455)
WordPress Plugin Frontend Uploader Cross-Site Scripting (0.9.2)
WordPress Plugin Simple Security Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)