Linux Distros Unpatched Vulnerability : CVE-2019-18889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could resul...

Fedora 31 : php-symfony3 (2019-8b0ba02338)

Version 3.4.35 2019-11-13 - bug 34344 Console Constant STDOUT might be undefined nicolas-grekas - security cve-2019-18889 Cache forbid serializing AbstractAdapter and TagAwareAdapter instances nicolas-grekas - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading da...

CVE-2019-18889

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

CVE-2019-18889

CVE-2019-18889 affects Symfony’s cache component across Symfony 3.4.0–3.4.34, 4.2.0–4.2.11, and 4.3.0–4.3.7. The issue is caused by deserializing certain cache adapter interfaces, which could enable remote code injection. Affected adapters include AbstractAdapter and TagAwareAdapter (as noted in ...

[SECURITY] [DSA 4573-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...