VYPR
High severityNVD Advisory· Published Nov 21, 2019· Updated Aug 5, 2024

CVE-2019-18888

CVE-2019-18888

Description

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
symfony/http-foundationPackagist
>= 2.0.0, < 2.8.522.8.52
symfony/http-foundationPackagist
>= 3.0.0, < 3.4.353.4.35
symfony/http-foundationPackagist
>= 4.0.0, < 4.2.124.2.12
symfony/http-foundationPackagist
>= 4.3.0, < 4.3.84.3.8
symfony/mimePackagist
>= 4.3.0, < 4.3.84.3.8
symfony/symfonyPackagist
>= 2.0.0, < 2.8.522.8.52
symfony/symfonyPackagist
>= 3.0.0, < 3.4.353.4.35
symfony/symfonyPackagist
>= 4.0.0, < 4.2.124.2.12
symfony/symfonyPackagist
>= 4.3.0, < 4.3.84.3.8

Affected products

4

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.