[topthink/framework] ThinkPHP deserialization vulnerability

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-38352
• https://github.com/top-think/framework/issues/2749
• https://github.com/advisories/GHSA-qjjj-7g7h-54v3