Описание
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 3.4.22+dfsg-2 |
| disco | ignored | end of life |
| eoan | not-affected | 3.4.22+dfsg-2 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 3.4.22+dfsg-2 |
| esm-apps/jammy | not-affected | 3.4.22+dfsg-2 |
| esm-apps/noble | not-affected | 3.4.22+dfsg-2 |
| esm-apps/xenial | not-affected | code not present |
Показывать по
EPSS
6.5 Medium
CVSS2
7.1 High
CVSS3
Связанные уязвимости
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4. ...
Уязвимость функций __sleep и __wakeup программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
6.5 Medium
CVSS2
7.1 High
CVSS3