Symfony Cache vulnerabilities
2 known vulnerabilities affecting symfony/cache.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2019-10912HIGH≥ 3.1.0, < 3.4.26≥ 4.0.0, < 4.1.12+1 more2020-02-12
CVE-2019-10912 [HIGH] CWE-502 Deserialization of untrusted data in Symfony
Deserialization of untrusted data in Symfony
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
ghsaosv
CVE-2019-18889CRITICAL≥ 3.1.0, < 3.4.35≥ 4.0.0, < 4.2.12+1 more2019-12-02
CVE-2019-18889 [CRITICAL] CWE-94 Symfony Unsafe Cache Serialization Could Enable RCE
Symfony Unsafe Cache Serialization Could Enable RCE
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
ghsaosv