CVE-2013-1397

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released	Vendor Advisory
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released	Vendor Advisory
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sensiolabs:symfony:2.0.0:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.1:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.2:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.3:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.4:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.5:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.6:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.7:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.8:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.9:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.10:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.11:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.12:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.13:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.14:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.15:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.16:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.17:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.18:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.19:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.20:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.0.21:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.0:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.1:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.2:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.3:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.4:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.5:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.1.6:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.0:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.1:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.2:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.3:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.4:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.5:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.6:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.8:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.9:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.10:::::::*
	cpe:2.3:a:sensiolabs:symfony:2.2.11:::::::*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/51980 -~~	() http://secunia.com/advisories/51980 -
References	~~() http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released - Vendor Advisory~~	() http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/57574 -~~	() http://www.securityfocus.com/bid/57574 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/81551 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/81551 -

Information

Published : 2014-06-02 15:55

Updated : 2024-11-21 01:49

NVD link : CVE-2013-1397

Mitre link : CVE-2013-1397

CVE.ORG link : CVE-2013-1397

JSON object : View

Products Affected

sensiolabs

symfony

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

7.5 /10