Lucene search
Veracode Vulnerability DatabaseVERACODE:21955HistoryNov 15, 2019 - 3:01 a.m.
Arbitrary Code Execution
2019-11-1503:01:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.009
Percentile
82.6%
symfony/symfony is vulnerable to arbitrary code execution. The vulnerability exists as the VarExporter does not properly escape strings, allowing strings with newlines to be executed.
References
github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
github.com/symfony/symfony/commit/d446d7733abd8807ff43e7a689065e6ebc48e32a
github.com/symfony/symfony/releases/tag/v4.3.8
github.com/symfony/var-exporter/compare/d8bf442...57e00f3
symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
symfony.com/blog/symfony-4-3-8-released
Related
osv
osv
CVE-2019-11325
2019-11-21 23:15:13
Improper Input Validation in Symfony
2020-02-12 18:44:16
symfony
symfony
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 00:00:00
prion
prion
Code injection
2019-11-21 23:15:00
cvelist
cvelist
CVE-2019-11325
2019-11-21 22:15:55
ubuntucve
ubuntucve
CVE-2019-11325
2019-11-21 00:00:00
friendsofphp
friendsofphp
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 08:00:00
CVE-2019-11325: Fix escaping of strings in VarExporter
2019-11-13 08:00:00
nvd
nvd
CVE-2019-11325
2019-11-21 23:15:13
github
github
Improper Input Validation in Symfony
2020-02-12 18:44:16
debiancve
debiancve
CVE-2019-11325
2019-11-21 23:15:13
cve
cve
CVE-2019-11325
2019-11-21 23:15:13
openvas
openvas
Symfony 4.2.x < 4.2.12, 4.3.x < 4.3.8 Multiple Vulnerabilities
2019-11-22 00:00:00