Vulnerability Description
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
CVSS Score
7.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sensiolabs | Symfony | >= 2.8.0, < 2.8.50 |
Related Weaknesses (CWE)
References
- https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c2881 (Patch, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://seclists.org/bugtraq/2019/May/21
- https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-fr (Third Party Advisory)
- https://typo3.org/security/advisory/typo3-core-sa-2019-016/
- https://www.debian.org/security/2019/dsa-4441
FAQ
What is CVE-2019-10912?
CVE-2019-10912 is a vulnerability with a CVSS score of 7.1 (HIGH). In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could...
How severe is CVE-2019-10912?
CVE-2019-10912 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10912?
Check the references section above for vendor advisories and patch information. Affected products include: Sensiolabs Symfony.