CVE-2019-10912

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 2.8.50 Symfony versions 3.x prior to 3.4.26 Symfony versions 4.x prior to 4.1.12 Symfony versions 4.2.x prior to 4.2.7

Description The issue is related to the symfony/cache and symfony/phpunit-bridge components, where objects containing bad user input can be cached. Upon serialization or unserialization, this could lead to the deletion of files accessible by the current user. The vulnerability is also related to the exploitation of the sleep and wakeup functions, allowing an attacker to restore invalid data in memory, potentially compromising data integrity.

Recommendations For Symfony versions prior to 2.8.50, update to version 2.8.50 or later. For Symfony versions 3.x prior to 3.4.26, update to version 3.4.26 or later. For Symfony versions 4.x prior to 4.1.12, update to version 4.1.12 or later. For Symfony versions 4.2.x prior to 4.2.7, update to version 4.2.7 or later.