Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday23 views

CVE-2026-55878 Symfony: Path Traversal in symfony/ux-toolkit Allows Arbitrary File Write and Read via Crafted Recipe Manifest

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS
Exploits0References4
CVE
CVE
added yesterday18 views

CVE-2026-55878

The CVE-2026-55878 issue affects Symfony UX Toolkit. Affected: Symfony UX versions 2.32.0–2.36.0 and 3.0.0–3.1.x (pre-2.36.1/3.2.0). The ux:install console command copies files from a recipe kit using paths listed in copy-files; because Path::isRelative() treats paths like ../../../etc as relativ...

7.8CVSS6AI score
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2026/06/19 7:21 a.m.9 views

symfony/ux-toolkit Path Traversal allows arbitrary file write and read via crafted recipe manifest

Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

7.8CVSS6.1AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score
Exploits0References9
Rows per page
Query Builder