VYPR
Critical severityNVD Advisory· Published Nov 21, 2019· Updated Aug 4, 2024

CVE-2019-11325

CVE-2019-11325

Description

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
symfony/symfonyPackagist
>= 4.2.0, < 4.2.124.2.12
symfony/symfonyPackagist
>= 4.3.0, < 4.3.84.3.8
symfony/var-exporterPackagist
>= 4.2.0, < 4.2.124.2.12
symfony/var-exporterPackagist
>= 4.3.0, < 4.3.84.3.8

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.