Lucene search
HistoryJun 02, 2014 - 3:55 p.m.
CVE-2013-1348
symfony
yaml::parse
cve-2013-1348
nvd
security vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
Affected configurations
Node
sensiolabssymfonyMatch2.0.0
ORsensiolabssymfonyMatch2.0.1
ORsensiolabssymfonyMatch2.0.2
ORsensiolabssymfonyMatch2.0.3
ORsensiolabssymfonyMatch2.0.4
ORsensiolabssymfonyMatch2.0.5
ORsensiolabssymfonyMatch2.0.6
ORsensiolabssymfonyMatch2.0.7
ORsensiolabssymfonyMatch2.0.8
ORsensiolabssymfonyMatch2.0.9
ORsensiolabssymfonyMatch2.0.10
ORsensiolabssymfonyMatch2.0.11
ORsensiolabssymfonyMatch2.0.12
ORsensiolabssymfonyMatch2.0.13
ORsensiolabssymfonyMatch2.0.14
ORsensiolabssymfonyMatch2.0.15
ORsensiolabssymfonyMatch2.0.16
ORsensiolabssymfonyMatch2.0.17
ORsensiolabssymfonyMatch2.0.18
ORsensiolabssymfonyMatch2.0.19
ORsensiolabssymfonyMatch2.0.20
ORsensiolabssymfonyMatch2.0.21
Related
nessus
nessus
Fedora 16 : php-symfony2-Yaml-2.0.22-1.fc16 (2013-1130)
2013-01-29 00:00:00
Fedora 17 : php-symfony2-Yaml-2.1.7-1.fc17 (2013-0985)
2013-02-04 00:00:00
Fedora 18 : php-symfony2-Yaml-2.1.7-1.fc18 (2013-1167)
2013-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-symfony2-Yaml-2.0.22-1.fc16
2013-01-28 14:52:49
[SECURITY] Fedora 17 Update: php-symfony2-Yaml-2.1.7-1.fc17
2013-02-03 13:44:19
[SECURITY] Fedora 18 Update: php-symfony2-Yaml-2.1.7-1.fc18
2013-02-03 13:43:10
nvd
nvd
CVE-2013-1348
2014-06-02 15:55:08
CVE-2013-1397
2014-06-02 15:55:08
cve
cve
CVE-2013-1397
2014-06-02 15:55:08
prion
prion
Design/Logic Flaw
2014-06-02 15:55:00
Design/Logic Flaw
2014-06-02 15:55:00
github
github
Symfony Arbitrary PHP code Execution
2022-05-17 01:36:49
Symphony Vulnerable to PHP Code Injection via YAML Parsing
2022-05-17 01:36:50
osv
osv
Symphony Vulnerable to PHP Code Injection via YAML Parsing
2022-05-17 01:36:50
Symfony Arbitrary PHP code Execution
2022-05-17 01:36:49
symfony
symfony
Security release: Symfony 2.0.22 and 2.1.7 released
2013-01-17 00:00:00
openvas
openvas
Fedora Update for php-symfony2-Yaml FEDORA-2013-1130
2013-01-31 00:00:00
Fedora Update for php-symfony2-Yaml FEDORA-2013-1130
2013-01-31 00:00:00
Fedora Update for php-symfony2-Yaml FEDORA-2013-1167
2013-02-04 00:00:00
cvelist
cvelist
CVE-2013-1348
2014-06-02 15:00:00
CVE-2013-1397
2014-06-02 15:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-07-30 23:05:42
Remote Code Execution (RCE)
2017-07-30 07:36:47
friendsofphp
friendsofphp
Ability to enable/disable PHP parsing in Yaml::parse()
2013-01-15 21:16:19
Ability to enable/disable PHP parsing in Yaml::parse()
2013-01-15 21:16:19
Ability to enable/disable object support in YAML parsing and dumping
2013-01-15 21:21:51
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
Related for CVE-2013-1348