CVE-2019-18889

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-18889
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18889.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18889
Aliases
Downstream
Published
2019-11-21T23:15:13.607Z
Modified
2026-02-24T01:18:19.172045Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

References

Affected packages

Git / github.com/symfony/security-http

Affected ranges

Type
GIT
Repo
https://github.com/symfony/security-http
Events
Introduced
13594beb3faaeea891aaae9eeea8ffde16a99faf
Last affected
a2f67dfe0ecfb713734847f4ada0f4231e28ae71
Introduced
33c98765dc6fec4907b7431d10e3c0945f061108
Last affected
8b123e7469953fa8e4112a02692dde2b6fdb0a7f
Introduced
34e089af7d363bd2ded8ad15f06b2b97348b97e5
Last affected
a3eddd912d93a8c77ffee2b31448e13864257f4e

Affected versions

v2.*
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.50
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v3.*
v3.3.15
v3.3.16
v3.4.0
v3.4.0-RC1
v3.4.0-RC2
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.3
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.1
v4.2.10
v4.2.11
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-RC1
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18889.json"

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
0a47db379b8cc74cdd84e1e6870fafc4a4ac8351
Last affected
c461582064eabe9b93b225be589dd6740620ce0f
Introduced
0bf8d128ef3c492436ab5f1b7c7b130f9e96aad2
Last affected
fb4065ac95f08ca26ee605936e537ba2cd4a6bb7
Introduced
7bd9a1bae87e6b2d7eba499ebf3053ff4bc3a483
Last affected
2ba6f17744ee8649ac107039f64d1ee4c959bf32

Affected versions

v2.*
v2.7.39
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v3.*
v3.3.14
v3.3.15
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.3
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.1
v4.2.10
v4.2.11
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18889.json"