27 matches found
Symfony Process Component < 5.4.51 / 6.4.x < 6.4.33 / 7.3.x < 7.3.11 / 7.4.x < 7.4.5 / 8.0.x < 8.0.5 Argument Injection (GHSA-r39x-jcww-82v6)
The version of Symfony Process Component installed on the remote host is prior to 5.4.51, or 6.4.x prior to 6.4.33, or 7.3.x prior to 7.3.11, or 7.4.x prior to 7.4.5, or 8.0.x prior to 8.0.5. It is, therefore, affected by an argument injection vulnerability. The Symfony Process component did not...
Symfony < 5.4.51 / 6.4.x < 6.4.33 / 7.3.x < 7.3.11 / 7.4.x < 7.4.5 / 8.0.x < 8.0.5 Process Component Argument Injection (GHSA-r39x-jcww-82v6)
The version of Symfony installed on the remote host is prior to 5.4.51, or 6.4.x prior to 6.4.33, or 7.3.x prior to 7.3.11, or 7.4.x prior to 7.4.5, or 8.0.x prior to 8.0.5. It is, therefore, affected by an argument injection vulnerability in the Process component. The Symfony Process component d...
CVE-2026-24739
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters, notably =, as “special” when escaping arguments on Windows. When PHP i...
GHSA-R39X-JCWW-82V6 Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
Summary: The Symfony Process component did not correctly treat some characters, notably =, as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
Summary: The Symfony Process component did not correctly treat some characters, notably =, as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...
CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters, notably =, as “special” when escaping arguments on Windows. When PHP i...
CVE-2026-24739
Summary: CVE-2026-24739 affects the Symfony Process component in the Symfony PHP framework. Prior to fixes, unquoted arguments containing characters like “=” could be mishandled when PHP runs under MSYS2-based environments (e.g., Git Bash) and Symfony spawns native Windows executables. This could co...
PT-2026-5124
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 5.4.51; Symfony versions prior to 6.4.33; Symfony versions prior to 7.3.11; Symfony versions prior to 7.4.5; Symfony versions prior to 8.0.5. Description: The Symfony Process component did not properly handle certain...
CVE-2022-37172
Incorrect access control in the install directory C:\msys64 of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...
EUVD-2022-39825
Malicious code in bioql PyPI...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
SUSE CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
CVE-2024-47611 affects XZ Utils on Windows platforms built with MinGW-w64 or MSVC for the command-line tools in versions 5.6.2 and earlier. The underlying issue is command-line argument handling where Unicode characters that do not exist in the legacy code page are converted to similar-looking ch...