DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References

No reference.

History

Tue, 24 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
CPEs cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:*
Vendors & Products 21degrees
21degrees symphony
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Dec 2024 21:45:00 +0000

Type Values Removed Values Added
References

Tue, 24 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Tue, 03 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report.
References

Mon, 02 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared 21degrees
21degrees symphony
Weaknesses CWE-94
CPEs cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:*
Vendors & Products 21degrees
21degrees symphony
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 Nov 2024 19:45:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.
References
cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published: 2024-11-29T00:00:00

Updated: 2024-12-24T21:13:42.813154Z

Reserved: 2024-05-30T00:00:00

Link: CVE-2024-36610

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2024-11-29T20:15:20.237

Modified: 2024-12-24T21:15:18.280

Link: CVE-2024-36610

cve-icon Redhat

No data.