CVE-2014-4931 — Code Injection in Framework-bundle

CWE-94 — Code Injection2 documents2 sources

Severity

—HIGH

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symfony Framework-bundle Symfony

Timeline

PublishedMay 30

Description

Code injection in the way Symfony implements translation caching in FrameworkBundle When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from FrameworkBundle (so basic…

Affected Packages2 packages

▶Packagistsymfony/symfony2.0.0 — 2.3.19+2

▶Packagistsymfony/framework-bundle2.0.0 — 2.3.18+2

🔴Vulnerability Details

OSV

Code injection in the way Symfony implements translation caching in FrameworkBundle↗2024-05-30

▶

GHSA

Code injection in the way Symfony implements translation caching in FrameworkBundle↗2024-05-30

▶