Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
Withdrawn Advisory: This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5048. Original Description: A deserialization vulnerability exists in the Stub clas...
GHSA-CG28-V4WQ-WHV5 Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
Withdrawn Advisory: This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5048. Original Description: A deserialization vulnerability exists in the Stub clas...
CVE-2024-36610
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
PT-2024-27093 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony version 7.0.3. Description: A deserialization vulnerability is reported to exist in the Stub class of the VarDumper module in Symfony. The issue stems from deficiencies in handling properties with null or uninitialized values,...
CVE-2024-36610
CVE-2024-36610 is associated with Symfony’s VarDumper deserialization issue in the Stub class, reportedly allowing crafted serialized data to trigger code execution. The primary public entries treat the candidate as withdrawn/invalid (e.g., advisories and sources noting withdrawal or removal). A ...
Fedora 32 : php-symfony4 (2020-16eb328853)
Version 4.4.13 2020-09-02 - security CVE-2020-15094 Remove headers with internal meaning from HttpClient responses mpdude - bug 38024 Console Fix undefined index for inconsistent command name definition chalasr - bug 38023 DI fix inlining of non-shared services nicolas-grekas - bug 38020...