Lucene search
Veracode Vulnerability DatabaseVERACODE:21969HistoryNov 18, 2019 - 3:53 a.m.
Remote Code Execution
2019-11-1803:53:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
EPSS
0.006
Percentile
78.7%
symfony/symfony is vulnerable to remote code execution. When an instance of TagAwareAdapter is deserialized, Symfony executes callables stored in privates properties in order to invalidates tags. When the instance has been created by unserializing an external payload, those properties are not checked, which leads to a remote code execution.
Related
cvelist
cvelist
CVE-2019-18889
2019-11-21 22:21:42
symfony
symfony
nvd
nvd
CVE-2019-18889
2019-11-21 23:15:13
debiancve
debiancve
CVE-2019-18889
2019-11-21 23:15:13
prion
prion
Code injection
2019-11-21 23:15:00
openvas
openvas
ubuntucve
ubuntucve
CVE-2019-18889
2019-11-21 00:00:00
osv
osv
Symfony Unsafe Cache Serialization Could Enable RCE
2019-12-02 18:07:16
CVE-2019-18889
2019-11-21 23:15:13
symantec
symantec
Symfony CVE-2019-18889 Multiple Remote Code Execution Vulnerabilities
2019-11-13 00:00:00
github
github
Symfony Unsafe Cache Serialization Could Enable RCE
2019-12-02 18:07:16
cve
cve
CVE-2019-18889
2019-11-21 23:15:13
friendsofphp
friendsofphp
fedora
fedora
[SECURITY] Fedora 31 Update: php-symfony3-3.4.35-2.fc31
2019-11-22 00:48:10
nessus
nessus
Fedora 31 : php-symfony3 (2019-8b0ba02338)
2019-11-22 00:00:00
Debian DSA-4573-1 : symfony - security update
2019-11-20 00:00:00
debian
debian
[SECURITY] [DSA 4573-1] symfony security update
2019-11-18 22:04:18