Description
DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Published: 2024-11-29
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
Remediation

No remediation available yet.

Advisories
Source: Github GHSA
ID: GHSA-cg28-v4wq-whv5
Title: Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
References

No reference.

History

Tue, 24 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
CPEs cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:*
Vendors & Products 21degrees
21degrees symphony
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Dec 2024 21:45:00 +0000


Tue, 24 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Description
Values Removed: A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report.
Values Added: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Tue, 03 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.
Values Added: A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report.
References

Mon, 02 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared 21degrees
21degrees symphony
Weaknesses CWE-94
CPEs cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:*
Vendors & Products 21degrees
21degrees symphony
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 19:45:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.
References

MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2024-12-24T21:13:42.813Z

Reserved: 2024-05-30T00:00:00.000Z

Link: CVE-2024-36610

Vulnrichment

Updated:

NVD

Status: Rejected

Published: 2024-11-29T20:15:20.237

Modified: 2024-12-24T21:15:18.280

Link: CVE-2024-36610

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.