Back to search
CVE-2019-18888
Published: Nov 21, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://symfony.com/blog/symfony-4-3-8-released
x_refsource_CONFIRM
https://github.com/symfony/symfony/releases/tag/v4.3.8
x_refsource_CONFIRM
FEDORA-2019-9c2ad3b018
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-5ae4fd9203
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-8b0ba02338
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now