
CVE-2019-11325

Published: 21 Nov 2019
Source: debian
EPSS Low

Description

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| symfony | fixed | 4.3.8+dfsg-1 | | package |
| symfony | not-affected | | buster | package |
| symfony | not-affected | | stretch | package |
| symfony | not-affected | | jessie | package |

Notes

  • https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter

  • https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a

EPSS

Percentile: 89%
0.04687
Low

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 5 years ago

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

CVSS3: 9.8
nvd
more than 5 years ago

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

CVSS3: 9.8
github
more than 5 years ago

Improper Input Validation in Symfony
