Critical severity9.8NVD Advisory· Published May 16, 2019· Updated Jun 17, 2026
CVE-2019-10910
CVE-2019-10910
Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symfony/dependency-injectionPackagist | >= 2.7.0, < 2.7.51 | 2.7.51 |
symfony/dependency-injectionPackagist | >= 2.8.0, < 2.8.50 | 2.8.50 |
symfony/dependency-injectionPackagist | >= 3.0.0, < 3.4.26 | 3.4.26 |
symfony/dependency-injectionPackagist | >= 4.0.0, < 4.1.12 | 4.1.12 |
symfony/dependency-injectionPackagist | >= 4.2.0, < 4.2.7 | 4.2.7 |
symfony/proxy-manager-bridgePackagist | >= 2.7.0, < 2.7.51 | 2.7.51 |
symfony/proxy-manager-bridgePackagist | >= 2.8.0, < 2.8.50 | 2.8.50 |
symfony/proxy-manager-bridgePackagist | >= 3.0.0, < 3.4.26 | 3.4.26 |
symfony/proxy-manager-bridgePackagist | >= 4.0.0, < 4.1.12 | 4.1.12 |
symfony/proxy-manager-bridgePackagist | >= 4.2.0, < 4.2.7 | 4.2.7 |
symfony/symfonyPackagist | >= 2.7.0, < 2.7.51 | 2.7.51 |
symfony/symfonyPackagist | >= 2.8.0, < 2.8.50 | 2.8.50 |
symfony/symfonyPackagist | >= 3.0.0, < 3.4.26 | 3.4.26 |
symfony/symfonyPackagist | >= 4.0.0, < 4.1.12 | 4.1.12 |
symfony/symfonyPackagist | >= 4.2.0, < 4.2.7 | 4.2.7 |
Affected products
4- Symfony/Symfonydescription
- ghsa-coords3 versionspkg:composer/symfony/dependency-injectionpkg:composer/symfony/proxy-manager-bridgepkg:composer/symfony/symfony
>= 2.7.0, < 2.7.51+ 2 more
- (no CPE)range: >= 2.7.0, < 2.7.51
- (no CPE)range: >= 2.7.0, < 2.7.51
- (no CPE)range: >= 2.7.0, < 2.7.51
Patches
Vulnerability mechanics
References
11- github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737bnvdPatchWEB
- symfony.com/blog/cve-2019-10910-check-service-ids-are-validnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-pgwj-prpq-jpc2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10910ghsaADVISORY
- www.synology.com/security/advisory/Synology_SA_19_19nvdThird Party AdvisoryWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yamlghsaWEB
- github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afbghsaWEB
- github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243bghsaWEB
- symfony.com/cve-2019-10910ghsaWEB
News mentions
0No linked articles in our index yet.