CVE-2019-18889
Summary
| CVE | CVE-2019-18889 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-21 23:15:00 UTC |
| Updated | 2023-11-07 03:07:00 UTC |
| Description | An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Application | Sensiolabs | Symfony | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v4.3.8 · symfony/symfony · GitHub | CONFIRM | github.com | Release Notes |
| Symfony 4.3.8 released (Symfony Blog) | CONFIRM | symfony.com | Release Notes |
| CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances (Symfony Blog) | CONFIRM | symfony.com | Vendor Advisory |
| [SECURITY] Fedora 31 Update: php-symfony3-3.4.35-2.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.