Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-51736

Опубликовано: 06 нояб. 2024
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Версия до 5.4.46 (исключая)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Версия от 6.0.0 (включая) до 6.4.14 (исключая)
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.1.7 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00082
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

ubuntu логотип

CVE-2024-51736

ubuntu
10 месяцев назад

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian логотип

CVE-2024-51736

debian
10 месяцев назад

Symphony process is a module for the Symphony PHP framework which exec ...

github логотип

GHSA-qq5c-677p-737q

CVSS3: 8.4
github
11 месяцев назад

Symfony vulnerable to command execution hijack on Windows with Process class

EPSS

Процентиль: 25%
0.00082
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77