[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-10912Date: (C)2019-05-23   (M)2023-12-22


In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.1CVSS Score : 6.5
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 4.2Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: PARTIAL
Integrity: HIGH 
Availability: NONE 
  
Reference:
https://seclists.org/bugtraq/2019/May/21
DSA-4441
FEDORA-2019-0ef4149687
FEDORA-2019-2a7f472198
FEDORA-2019-32067d8b15
FEDORA-2019-3ee6a7adf2
FEDORA-2019-8635280de5
FEDORA-2019-a3ca65028c
FEDORA-2019-f5d6a7ce74
FEDORA-2019-f8db687840
https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
https://typo3.org/security/advisory/typo3-core-sa-2019-016/

CWE    1
CWE-502
OVAL    2
oval:org.secpod.oval:def:55029
oval:org.secpod.oval:def:603917

© SecPod Technologies