Description
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
References
- Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Vendor Advisory
- Release Notes, Vendor Advisory
- Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Vendor Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 4.2.0 (inclusive) to 4.2.12 (exclusive)
Version from 4.3.0 (inclusive) to 4.3.8 (exclusive)
One of
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04687
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-116
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 5 years ago
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVSS3: 9.8
debian
more than 5 years ago
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3. ...