CVE-2019-11325
N/A
N/A
Summary
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/symfony/var-exporter/compare/d8bf442…57e00f3
- https://symfony.com/blog/symfony-4-3-8-released
- https://github.com/symfony/symfony/releases/tag/v4.3.8
- https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
References
- https://github.com/symfony/var-exporter/compare/d8bf442…57e00f3
- https://symfony.com/blog/symfony-4-3-8-released
- https://github.com/symfony/symfony/releases/tag/v4.3.8
- https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.