Lucene search
HistoryJun 02, 2014 - 3:55 p.m.
CVE-2013-1397
cve-2013-1397
symfony
remote attackers
php code execution
yaml
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
Affected configurations
Node
sensiolabssymfonyMatch2.0.0
ORsensiolabssymfonyMatch2.0.1
ORsensiolabssymfonyMatch2.0.2
ORsensiolabssymfonyMatch2.0.3
ORsensiolabssymfonyMatch2.0.4
ORsensiolabssymfonyMatch2.0.5
ORsensiolabssymfonyMatch2.0.6
ORsensiolabssymfonyMatch2.0.7
ORsensiolabssymfonyMatch2.0.8
ORsensiolabssymfonyMatch2.0.9
ORsensiolabssymfonyMatch2.0.10
ORsensiolabssymfonyMatch2.0.11
ORsensiolabssymfonyMatch2.0.12
ORsensiolabssymfonyMatch2.0.13
ORsensiolabssymfonyMatch2.0.14
ORsensiolabssymfonyMatch2.0.15
ORsensiolabssymfonyMatch2.0.16
ORsensiolabssymfonyMatch2.0.17
ORsensiolabssymfonyMatch2.0.18
ORsensiolabssymfonyMatch2.0.19
ORsensiolabssymfonyMatch2.0.20
ORsensiolabssymfonyMatch2.0.21
ORsensiolabssymfonyMatch2.1.0
ORsensiolabssymfonyMatch2.1.1
ORsensiolabssymfonyMatch2.1.2
ORsensiolabssymfonyMatch2.1.3
ORsensiolabssymfonyMatch2.1.4
ORsensiolabssymfonyMatch2.1.5
ORsensiolabssymfonyMatch2.1.6
ORsensiolabssymfonyMatch2.2.0
ORsensiolabssymfonyMatch2.2.1
ORsensiolabssymfonyMatch2.2.2
ORsensiolabssymfonyMatch2.2.3
ORsensiolabssymfonyMatch2.2.4
ORsensiolabssymfonyMatch2.2.5
ORsensiolabssymfonyMatch2.2.6
ORsensiolabssymfonyMatch2.2.8
ORsensiolabssymfonyMatch2.2.9
ORsensiolabssymfonyMatch2.2.10
ORsensiolabssymfonyMatch2.2.11
Related
nessus
nessus
Fedora 16 : php-symfony2-Yaml-2.0.22-1.fc16 (2013-1130)
2013-01-29 00:00:00
Fedora 17 : php-symfony2-Yaml-2.1.7-1.fc17 (2013-0985)
2013-02-04 00:00:00
Fedora 18 : php-symfony2-Yaml-2.1.7-1.fc18 (2013-1167)
2013-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-symfony2-Yaml-2.0.22-1.fc16
2013-01-28 14:52:49
[SECURITY] Fedora 17 Update: php-symfony2-Yaml-2.1.7-1.fc17
2013-02-03 13:44:19
[SECURITY] Fedora 18 Update: php-symfony2-Yaml-2.1.7-1.fc18
2013-02-03 13:43:10
nvd
nvd
CVE-2013-1348
2014-06-02 15:55:08
CVE-2013-1397
2014-06-02 15:55:08
cvelist
cvelist
CVE-2013-1348
2014-06-02 15:00:00
CVE-2013-1397
2014-06-02 15:00:00
github
github
Symphony Vulnerable to PHP Code Injection via YAML Parsing
2022-05-17 01:36:50
Symfony Arbitrary PHP code Execution
2022-05-17 01:36:49
osv
osv
Symphony Vulnerable to PHP Code Injection via YAML Parsing
2022-05-17 01:36:50
Symfony Arbitrary PHP code Execution
2022-05-17 01:36:49
symfony
symfony
Security release: Symfony 2.0.22 and 2.1.7 released
2013-01-17 00:00:00
cve
cve
CVE-2013-1348
2014-06-02 15:55:08
prion
prion
Design/Logic Flaw
2014-06-02 15:55:00
Design/Logic Flaw
2014-06-02 15:55:00
openvas
openvas
Fedora Update for php-symfony2-Yaml FEDORA-2013-1130
2013-01-31 00:00:00
Fedora Update for php-symfony2-Yaml FEDORA-2013-1130
2013-01-31 00:00:00
Fedora Update for php-symfony2-Yaml FEDORA-2013-1167
2013-02-04 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-07-30 07:36:47
Remote Code Execution (RCE)
2017-07-30 23:05:42
friendsofphp
friendsofphp
Ability to enable/disable object support in YAML parsing and dumping
2013-01-15 21:21:51
Ability to enable/disable object support in YAML parsing and dumping
2013-01-15 21:21:51
Ability to enable/disable PHP parsing in Yaml::parse()
2013-01-15 21:16:19
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
Related for CVE-2013-1397