Packagist (Composer) package
symfony/cache
pkg:composer/symfony/cache
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18889 | — | >= 3.1.0, < 3.4.35 | 3.4.35 | Nov 21, 2019 | An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. | ||
| CVE-2019-10912 | — | >= 3.1.0, < 3.4.26 | 3.4.26 | May 16, 2019 | In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is re |
- CVE-2019-18889Nov 21, 2019affected >= 3.1.0, < 3.4.35fixed 3.4.35
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
- CVE-2019-10912May 16, 2019affected >= 3.1.0, < 3.4.26fixed 3.4.26
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is re