CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/symfony/symfony/releases/tag/v4.3.8	Release Notes Third Party Advisory
https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3	Patch Third Party Advisory
https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter	Vendor Advisory
https://symfony.com/blog/symfony-4-3-8-released	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::

History

No history.

Information

Published : 2019-11-21 23:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-11325

Mitre link : CVE-2019-11325

CVE.ORG link : CVE-2019-11325

JSON object : View

Products Affected

sensiolabs

symfony

CWE

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2019-11325", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-11-21T23:15:13.297", "references": [{"url": "https://github.com/symfony/symfony/releases/tag/v4.3.8", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://symfony.com/blog/symfony-4-3-8-released", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Symfony versiones anteriores a 4.2.12 y versiones 4.3.x anteriores a 4.3.8. El componente VarExport escapa incorrectamente las cadenas, lo que permite a algunas especialmente dise\u00f1adas escalar a la ejecuci\u00f3n de c\u00f3digo PHP arbitrario. Esto est\u00e1 relacionado con el archivo symfony/var-exporter."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F412903-1875-4AC8-8F82-CFB28AADC6EE", "versionEndExcluding": "4.2.12", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC6840E-59F4-4C6F-B1E0-C1935C15363E", "versionEndExcluding": "4.3.8", "versionStartIncluding": "4.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}