Object Cache Vulnerability in Symfony Software Framework
CVE-2019-10912

7.1HIGH

Key Information:

Vendor

Sensiolabs

Status
Symfony
Vendor
CVE Published:
16 May 2019

What is CVE-2019-10912?

The vulnerability allows for improper caching of objects containing potentially dangerous user input in the Symfony Framework. When data is serialized or unserialized, this could lead to unauthorized file deletion, impacting system integrity and security. Developers utilizing affected versions of Symfony are urged to update to the latest secure releases to mitigate this risk.

References

https://symfony.com/blog/cve-2019-10912-prevent-destructo...
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.