Lucene search
K

4 matches found

OSV
OSV
added 2026/01/28 9:28 p.m.6 views

GHSA-R39X-JCWW-82V6 Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

Summary The Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment e.g. Git Bash and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/01/28 9:28 p.m.8 views

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

Summary The Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment e.g. Git Bash and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2026/01/28 8:25 p.m.21 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

6.3CVSS0.00201EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/28 8:25 p.m.3 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References5
Rows per page
Query Builder