CVE-2019-10910

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 2.7.51 Symfony versions 2.8.x prior to 2.8.50 Symfony versions 3.x prior to 3.4.26 Symfony versions 4.x prior to 4.1.12 Symfony versions 4.2.x prior to 4.2.7

Description The issue is related to the symfony/dependency-injection component and occurs when service ids allow user input. This could allow for SQL Injection and remote code execution due to a lack of protection measures for SQL query structures.

Recommendations For Symfony versions prior to 2.7.51, update to version 2.7.51 or later. For Symfony versions 2.8.x prior to 2.8.50, update to version 2.8.50 or later. For Symfony versions 3.x prior to 3.4.26, update to version 3.4.26 or later. For Symfony versions 4.x prior to 4.1.12, update to version 4.1.12 or later. For Symfony versions 4.2.x prior to 4.2.7, update to version 4.2.7 or later.