10 matches found
PT-2026-44142
Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4 Description The SymfonyComponentCacheAdapterPdoAdapter contains a flaw in the clear$prefix method inherited from AbstractAdapterTrait. In the non-versioning code path, the $prefix variable is concatenated into a...
GitLab: Remote Command Execution via Github import
Summary This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when imported a GitHub repository. When importing a GitHub repo the...
Symfony Unsafe Cache Serialization Could Enable RCE
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
Code injection
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
CVE-2019-18889
CVE-2019-18889 affects Symfony’s cache component across Symfony 3.4.0–3.4.34, 4.2.0–4.2.11, and 4.3.0–4.3.7. The issue is caused by deserializing certain cache adapter interfaces, which could enable remote code injection. Affected adapters include AbstractAdapter and TagAwareAdapter (as noted in ...