Description
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needed |
devel | not-affected | 4.3.8+dfsg-1ubuntu1 |
disco | ignored | end of life |
eoan | ignored | end of life |
esm-apps/bionic | needed | |
esm-apps/focal | not-affected | 4.3.8+dfsg-1ubuntu1 |
esm-apps/jammy | not-affected | 4.3.8+dfsg-1ubuntu1 |
esm-apps/noble | not-affected | 4.3.8+dfsg-1ubuntu1 |
esm-apps/xenial | needed | |
esm-infra-legacy/trusty | DNE | |
7.5 High
CVSS2
9.8 Critical
CVSS3
Related vulnerabilities
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through ...
Symfony Unsafe Cache Serialization Could Enable RCE
A vulnerability in the Symfony framework for developing and managing web applications, which exists due to a failure to neutralize special elements and allows an attacker to inject arbitrary code
7.5 High
CVSS2
9.8 Critical
CVSS3