CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-21 23:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-11325

Mitre link : CVE-2019-11325

CVE.ORG link : CVE-2019-11325


JSON object : View

Products Affected

sensiolabs

  • symfony
CWE
CWE-116

Improper Encoding or Escaping of Output