### [CVE-2021-23592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23592)
![](https://img.shields.io/static/v1?label=Product&message=topthink%2Fframework&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Deserialization%20of%20Untrusted%20Data&color=brightgreen)

### Description

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.

### POC

#### Reference
- https://github.com/top-think/framework/releases/tag/v6.0.12
- https://snyk.io/vuln/SNYK-PHP-TOPTHINKFRAMEWORK-2385695

#### Github
No PoCs found on GitHub currently.