Vulnerability Description
Symfony Process is a module for the Symfony PHP framework that executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, the `Process` class calls it when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
NONE
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sensiolabs | Symfony | < 5.4.46 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q (Vendor Advisory)
FAQ
What is CVE-2024-51736?
CVE-2024-51736 is a vulnerability with a CVSS score of 0.0 (NONE). Symfony Process is a module for the Symfony PHP framework that executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it...
How severe is CVE-2024-51736?
CVE-2024-51736 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-51736?
Check the references section above for vendor advisories and patch information. Affected products include: Sensiolabs Symfony, Microsoft Windows.