Описание
Improper Input Validation in Symfony
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-11325
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml
- https://github.com/symfony/symfony/releases/tag/v4.3.8
- https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3
- https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
- https://symfony.com/blog/symfony-4-3-8-released
- https://symfony.com/cve-2019-11325
Пакеты
symfony/symfony
>= 4.2.0, < 4.2.12
4.2.12
symfony/symfony
>= 4.3.0, < 4.3.8
4.3.8
symfony/var-exporter
>= 4.2.0, < 4.2.12
4.2.12
symfony/var-exporter
>= 4.3.0, < 4.3.8
4.3.8
Связанные уязвимости
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3. ...