QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10912

Published: May 16, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized

x_refsource_CONFIRM

FEDORA-2019-0ef4149687

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-f5d6a7ce74

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-2a7f472198

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-8635280de5

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-3ee6a7adf2

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-a3ca65028c

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-f8db687840

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-32067d8b15

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

20190510 [SECURITY] [DSA 4441-1] symfony security update

mailing-list

x_refsource_BUGTRAQ

https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b

x_refsource_CONFIRM

https://typo3.org/security/advisory/typo3-core-sa-2019-016/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.