PT-2019-5182 · Symfony · Symfony

Nicolas-Grekas · Published 2019-11-18 · Updated 2020-08-24 · CVE-2019-18889

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Symfony versions 3.4.0 through 3.4.34
Symfony versions 4.2.0 through 4.2.11
Symfony versions 4.3.0 through 4.3.7

Description

The issue exists due to the failure to neutralize special elements, which can allow a remote attacker to inject arbitrary code. This is related to the serialization of certain cache adapter interfaces in Symfony, potentially resulting in remote code injection.

Recommendations

For each affected range (Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7), update to a version that fixes the issue with serializing cache adapter interfaces.

Exploit

Fix

Special Elements Injection

Code Injection

Weakness Enumeration

Related identifiers

BDU:2020-01855
CVE-2019-18889
DSA-4573-1
GHSA-79GR-58R3-PWM3

Affected products

Symfony