Description
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4441-1 | symfony security update |
 EUVD |
EUVD-2020-0316 | In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge. |
 Github GHSA |
GHSA-w2fr-65vp-mxw3 | Deserialization of untrusted data in Symfony |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T22:40:15.260Z
Reserved: 2019-04-07T00:00:00.000Z
Link: CVE-2019-10912
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-16T22:29:00.580
Modified: 2024-11-21T04:20:08.073
Link: CVE-2019-10912
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses