Lucene search
GoogleOSV:GHSA-W4RC-RX25-8M86HistoryFeb 12, 2020 - 6:44 p.m.
Improper Input Validation in Symfony
2020-02-1218:44:16
Google
osv.dev
12
EPSS
0.009
Percentile
82.6%
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
References
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml
github.com/symfony/symfony/releases/tag/v4.3.8
github.com/symfony/var-exporter/compare/d8bf442...57e00f3
nvd.nist.gov/vuln/detail/CVE-2019-11325
symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
symfony.com/blog/symfony-4-3-8-released
symfony.com/cve-2019-11325
Related
osv
osv
CVE-2019-11325
2019-11-21 23:15:13
symfony
symfony
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 00:00:00
prion
prion
Code injection
2019-11-21 23:15:00
cvelist
cvelist
CVE-2019-11325
2019-11-21 22:15:55
ubuntucve
ubuntucve
CVE-2019-11325
2019-11-21 00:00:00
friendsofphp
friendsofphp
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 08:00:00
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 08:00:00
nvd
nvd
CVE-2019-11325
2019-11-21 23:15:13
github
github
Improper Input Validation in Symfony
2020-02-12 18:44:16
debiancve
debiancve
CVE-2019-11325
2019-11-21 23:15:13
cve
cve
CVE-2019-11325
2019-11-21 23:15:13
veracode
veracode
Arbitrary Code Execution
2019-11-15 03:01:59
openvas
openvas
Symfony 4.2.x < 4.2.12, 4.3.x < 4.3.8 Multiple Vulnerabilities
2019-11-22 00:00:00