Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Last update: 2022-08-31
The package has not entered testing even though the delay is over
The package has not entered testing even though the 5-day delay is over.Check why.