2 matches found
CVE-2024-28859 Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...
CVE-2024-28859
Summary: CVE-2024-28859 describes a gadget-chain-based remote code execution in Symfony1 caused by a vulnerable Swift Mailer dependency. The chain relies on deserializing crafted Swift_KeyCache_DiskKeyCache objects containing a sfOutputEscaperArrayDecorator that uses a user-controlled value and a...