GHSA-7w53-hfpw-rg3g

Source

https://github.com/advisories/GHSA-7w53-hfpw-rg3g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7w53-hfpw-rg3g

Aliases

CVE-2013-1397

Published

2022-05-17T01:36:49Z

Modified

2025-04-14T22:12:04.021973Z

Summary

Symfony Arbitrary PHP code Execution

Details

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.

Database specific

{
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-28T23:40:22Z",
    "nvd_published_at": "2014-06-02T15:55:00Z",
    "severity": "HIGH"
}

References

Affected packages

Packagist

symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0-BETA1

Fixed

2.2.0-BETA2

Affected versions

v2.*

v2.2.0-BETA1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"

symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.22

Affected versions

2.*

2.0.4

2.0.5

2.0.6

2.0.7

v2.*

v2.0.9

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.20

v2.0.21

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"

symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"

symfony/yaml

Package

Name: symfony/yaml
Purl: pkg:composer/symfony/yaml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.22

Affected versions

2.*

2.0.4

2.0.5

2.0.6

2.0.7

v2.*

v2.0.9

v2.0.10

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.20

v2.0.21

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"

symfony/yaml

Package

Name: symfony/yaml
Purl: pkg:composer/symfony/yaml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"

symfony/yaml

Package

Name: symfony/yaml
Purl: pkg:composer/symfony/yaml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0-BETA1

Fixed

2.2.0-BETA2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json"