Lucene search

K

MitreCVELIST:CVE-2019-18888

HistoryNov 21, 2019 - 10:19 p.m.

CVE-2019-18888

2019-11-2122:19:52

mitre

www.cve.org

5

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.4%

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

References

github.com/symfony/symfony/releases/tag/v4.3.8

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/

symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

symfony.com/blog/symfony-4-3-8-released

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.4%

Related for CVELIST:CVE-2019-18888

cve1 friendsofphp3 debiancve1 osv4 veracode1 prion1 nvd1 symfony1 ubuntucve1 github1 nessus5 openvas3 fedora3 debian2