Symfony Yaml vulnerabilities
2 known vulnerabilities affecting symfony/yaml.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2013-1397HIGHCVSS 7.5≥ 2.0.0, < 2.0.22≥ 2.1.0, < 2.1.7+1 more2022-05-17
CVE-2013-1397 [HIGH] CWE-94 Symfony Arbitrary PHP code Execution
Symfony Arbitrary PHP code Execution
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
ghsaosv
CVE-2013-1348HIGHCVSS 7.5≥ 2.0.0, < 2.0.222022-05-17
CVE-2013-1348 [HIGH] CWE-94 Symphony Vulnerable to PHP Code Injection via YAML Parsing
Symphony Vulnerable to PHP Code Injection via YAML Parsing
The `Yaml::parse` function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
ghsaosv