[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-11143":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":32,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":48,"related":49,"reserved_at":9,"published_at":51,"modified_at":52,"state":53,"summary":54,"references_raw":63,"kevs":112,"epss":113,"epss_history":116,"metrics":366,"affected":376},"CVE-2017-11143","In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.",null,[11,20],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],{"_key":21,"id":21,"name":22,"description":23,"type":15,"status":24,"abstraction":25,"likelihood_of_exploit":26,"capec":27},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","Draft","Base","Medium",[28],{"id":29,"name":30,"techniques":31},"CAPEC-586","Object Injection",[],[],[],[],[36,38,40,42,44,46],{"_key":37},"SUSE-SU-2017:2317-1",{"_key":39},"DLA-1034-1",{"_key":41},"DSA-4081-1",{"_key":43},"UBUNTU-CVE-2017-11143",{"_key":45},"USN-3382-1",{"_key":47},"RHSA-2018:1296",[],[50],{"_key":37},"2017-07-10T14:00:00.000Z","2024-08-05T17:57:57.688Z","Modified",{"cisa_kev":55,"cisa_ransomware":55,"cisa_vendor":9,"epss_severity":56,"epss_score":57,"severity":58,"severity_score":59,"severity_version":60,"severity_source":61,"severity_vector":62,"severity_status":53},false,"low",0.09817,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[64,73,77,83,89,94,99,103,108],{"url":65,"sources":66,"tags":68},"http://openwall.com/lists/oss-security/2017/07/10/6",[67,61],"cve.org",[69,70,71,72],"X Refsource CONFIRM","Mailing List","Patch","Third Party Advisory",{"url":74,"sources":75,"tags":76},"https://www.tenable.com/security/tns-2017-12",[67,61],[69],{"url":78,"sources":79,"tags":80},"http://www.securityfocus.com/bid/99553",[67,61],[81,82],"VDB Entry","X Refsource BID",{"url":84,"sources":85,"tags":86},"https://bugs.php.net/bug.php?id=74145",[67,61],[69,87,71,88],"Issue Tracking","Vendor Advisory",{"url":90,"sources":91,"tags":92},"https://access.redhat.com/errata/RHSA-2018:1296",[67,61],[88,93],"X Refsource REDHAT",{"url":95,"sources":96,"tags":97},"http://php.net/ChangeLog-5.php",[67,61],[69,98,88],"Release Notes",{"url":100,"sources":101,"tags":102},"https://security.netapp.com/advisory/ntap-20180112-0001/",[67,61],[69],{"url":104,"sources":105,"tags":106},"https://www.debian.org/security/2018/dsa-4081",[67,61],[88,107],"X Refsource DEBIAN",{"url":109,"sources":110,"tags":111},"https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7",[67,61],[69],[],{"date":114,"score":57,"percentile":115},"2026-06-04",0.93113,[117,121,124,126,129,132,135,137,139,142,145,148,151,153,156,160,163,166,169,171,174,177,180,183,185,188,190,193,197,200,203,206,209,212,214,217,220,223,226,229,232,235,238,240,243,246,249,251,254,257,259,262,265,268,272,275,278,280,282,285,288,291,293,296,299,301,304,306,309,312,314,316,319,322,325,328,331,333,336,339,342,345,348,350,352,354,356,358,360,363],{"date":118,"score":119,"percentile":120},"2025-11-04",0.11856,0.93424,{"date":122,"score":119,"percentile":123},"2025-11-05",0.93423,{"date":125,"score":119,"percentile":120},"2025-11-06",{"date":127,"score":119,"percentile":128},"2025-11-07",0.93429,{"date":130,"score":119,"percentile":131},"2025-11-08",0.93428,{"date":133,"score":119,"percentile":134},"2025-11-09",0.93426,{"date":136,"score":119,"percentile":134},"2025-11-10",{"date":138,"score":119,"percentile":128},"2025-11-11",{"date":140,"score":119,"percentile":141},"2025-11-12",0.93435,{"date":143,"score":119,"percentile":144},"2025-11-13",0.93438,{"date":146,"score":119,"percentile":147},"2025-11-14",0.93441,{"date":149,"score":119,"percentile":150},"2025-11-15",0.93434,{"date":152,"score":119,"percentile":144},"2025-11-16",{"date":154,"score":119,"percentile":155},"2025-11-17",0.93436,{"date":157,"score":158,"percentile":159},"2025-11-18",0.12137,0.93134,{"date":161,"score":158,"percentile":162},"2025-11-19",0.93137,{"date":164,"score":158,"percentile":165},"2025-11-20",0.93142,{"date":167,"score":158,"percentile":168},"2025-11-21",0.93529,{"date":170,"score":158,"percentile":168},"2025-11-22",{"date":172,"score":158,"percentile":173},"2025-11-23",0.93534,{"date":175,"score":158,"percentile":176},"2025-11-24",0.93536,{"date":178,"score":158,"percentile":179},"2025-11-25",0.93538,{"date":181,"score":158,"percentile":182},"2025-11-26",0.93535,{"date":184,"score":158,"percentile":179},"2025-11-27",{"date":186,"score":158,"percentile":187},"2025-11-28",0.93531,{"date":189,"score":158,"percentile":179},"2025-11-29",{"date":191,"score":158,"percentile":192},"2025-11-30",0.93537,{"date":194,"score":195,"percentile":196},"2025-12-01",0.10338,0.9295,{"date":198,"score":195,"percentile":199},"2025-12-02",0.92954,{"date":201,"score":195,"percentile":202},"2025-12-03",0.92957,{"date":204,"score":119,"percentile":205},"2025-12-04",0.93456,{"date":207,"score":119,"percentile":208},"2025-12-05",0.93459,{"date":210,"score":119,"percentile":211},"2025-12-06",0.93458,{"date":213,"score":119,"percentile":211},"2025-12-07",{"date":215,"score":119,"percentile":216},"2025-12-08",0.93461,{"date":218,"score":119,"percentile":219},"2025-12-09",0.93462,{"date":221,"score":119,"percentile":222},"2025-12-10",0.93467,{"date":224,"score":119,"percentile":225},"2025-12-11",0.9347,{"date":227,"score":119,"percentile":228},"2025-12-12",0.93474,{"date":230,"score":119,"percentile":231},"2025-12-13",0.93477,{"date":233,"score":119,"percentile":234},"2025-12-14",0.93476,{"date":236,"score":119,"percentile":237},"2025-12-15",0.93479,{"date":239,"score":119,"percentile":234},"2025-12-16",{"date":241,"score":119,"percentile":242},"2025-12-17",0.93481,{"date":244,"score":119,"percentile":245},"2025-12-18",0.93483,{"date":247,"score":119,"percentile":248},"2025-12-19",0.93484,{"date":250,"score":119,"percentile":242},"2025-12-20",{"date":252,"score":119,"percentile":253},"2025-12-21",0.93485,{"date":255,"score":119,"percentile":256},"2025-12-22",0.93491,{"date":258,"score":119,"percentile":245},"2025-12-23",{"date":260,"score":119,"percentile":261},"2025-12-24",0.93488,{"date":263,"score":119,"percentile":264},"2025-12-25",0.93501,{"date":266,"score":119,"percentile":267},"2025-12-26",0.93499,{"date":269,"score":270,"percentile":271},"2025-12-27",0.09469,0.92589,{"date":273,"score":119,"percentile":274},"2025-12-28",0.93496,{"date":276,"score":119,"percentile":277},"2025-12-29",0.93495,{"date":279,"score":119,"percentile":274},"2025-12-30",{"date":281,"score":119,"percentile":264},"2025-12-31",{"date":283,"score":195,"percentile":284},"2026-01-01",0.92997,{"date":286,"score":195,"percentile":287},"2026-01-02",0.9299,{"date":289,"score":195,"percentile":290},"2026-01-03",0.92988,{"date":292,"score":119,"percentile":274},"2026-01-04",{"date":294,"score":119,"percentile":295},"2026-01-05",0.93492,{"date":297,"score":119,"percentile":298},"2026-01-06",0.93494,{"date":300,"score":119,"percentile":298},"2026-01-07",{"date":302,"score":119,"percentile":303},"2026-01-08",0.93497,{"date":305,"score":119,"percentile":264},"2026-01-09",{"date":307,"score":119,"percentile":308},"2026-01-10",0.93502,{"date":310,"score":119,"percentile":311},"2026-01-11",0.935,{"date":313,"score":119,"percentile":267},"2026-01-12",{"date":315,"score":119,"percentile":303},"2026-01-13",{"date":317,"score":119,"percentile":318},"2026-01-14",0.93506,{"date":320,"score":119,"percentile":321},"2026-01-15",0.93507,{"date":323,"score":119,"percentile":324},"2026-01-16",0.93513,{"date":326,"score":119,"percentile":327},"2026-01-17",0.93519,{"date":329,"score":119,"percentile":330},"2026-01-18",0.93512,{"date":332,"score":119,"percentile":330},"2026-01-19",{"date":334,"score":119,"percentile":335},"2026-01-20",0.93514,{"date":337,"score":119,"percentile":338},"2026-01-21",0.93517,{"date":340,"score":119,"percentile":341},"2026-01-22",0.93521,{"date":343,"score":119,"percentile":344},"2026-01-23",0.93523,{"date":346,"score":119,"percentile":347},"2026-01-24",0.93527,{"date":349,"score":119,"percentile":168},"2026-01-25",{"date":351,"score":119,"percentile":187},"2026-01-26",{"date":353,"score":119,"percentile":187},"2026-01-27",{"date":355,"score":119,"percentile":176},"2026-01-28",{"date":357,"score":119,"percentile":192},"2026-01-29",{"date":359,"score":119,"percentile":176},"2026-01-30",{"date":361,"score":119,"percentile":362},"2026-01-31",0.93539,{"date":364,"score":195,"percentile":365},"2026-02-01",0.93039,[367],{"source":61,"cvss_v2_0":368,"cvss_v3_0":373,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":369,"baseSeverity":9,"vectorString":370,"impactScore":371,"exploitabilityScore":372},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":59,"baseSeverity":374,"vectorString":62,"impactScore":375,"exploitabilityScore":372},"HIGH",6,[377],{"ecosystem":9,"name":378,"vendor":9,"product":378,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"PHP",[380],{"version":381,"is_range":382,"range_type":383,"version_start":9,"version_start_type":9,"version_end":384,"version_end_type":385,"fixed_in":9},"lte5.6.30",true,"cpe","5.6.30","including"]