exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2024-28861

почти 2 года назад

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.

CVSS3: 9.8

EPSS: Низкий

GHSA-pv9j-c53q-h433

почти 2 года назад

Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2024-28861 Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.	CVSS3: 9.8	7% Низкий	почти 2 года назад
	GHSA-pv9j-c53q-h433 Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder		7% Низкий	почти 2 года назад

Уязвимостей на страницу