CVE-2018-19789

Source
https://cve.org/CVERecord?id=CVE-2018-19789
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19789.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-19789
Aliases
Downstream
Published
2018-12-18T22:29:04.947Z
Modified
2026-04-10T04:09:53.604752Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When a setter of the class used as a form's data_class declares a scalar string type hint (e.g. setName(string $name)), and a file upload is submitted to the corresponding field instead of a normal text input, the form binds an UploadedFile object to that setter. PHP's coercive typing converts the object by calling UploadedFile::__toString(), which returns the server-side path of the uploaded temporary file, so that path is written into the entity and may be disclosed. Combined with a local file inclusion issue, this could in certain circumstances be escalated to remote code execution.
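
The coercion described above, as an added stand-alone example that is not Symfony's own code and not part of this record: a constructed UploadedFile stand-in (its __toString() returns the stored path, as the real class does), a hypothetical Profile data_class with setName(string $name), and a vulnerable binding beside a hardened one. Symfony's fix added an allow_file_upload form option (false by default) so that Form::submit() rejects an uploaded file on any field that does not opt in; the hardened function below applies the same check by hand. Requires PHP 8; the path and field values are constructed.

```php
<?php
// Added example reproducing the mechanism behind CVE-2018-19789 without the framework.
// No declare(strict_types=1) here on purpose: the advisory relies on PHP's coercive
// typing mode, in which any object that defines __toString() is accepted for a
// parameter declared as `string`.

/** Constructed stand-in for Symfony's UploadedFile: __toString() yields the server-side path. */
final class UploadedFile
{
    public function __construct(private string $path, private string $originalName) {}

    public function getPathname(): string { return $this->path; }
    public function getClientOriginalName(): string { return $this->originalName; }

    public function __toString(): string { return $this->path; }
}

/** Hypothetical data_class with a string-typed setter, as in the advisory's setName(string $name). */
final class Profile
{
    private string $name = '';

    public function setName(string $name): void { $this->name = $name; }
    public function getName(): string { return $this->name; }
}

/**
 * Vulnerable binding: mimics the property write a form performs with no check on the
 * submitted value. An UploadedFile reaches setName(), PHP coerces it via __toString(),
 * and the temp-file path ends up stored in the entity.
 */
function bindVulnerable(Profile $p, mixed $submitted): void
{
    $p->setName($submitted); // UploadedFile -> __toString() -> "/tmp/phpA1b2C3"
}

/** Hardened binding: refuse a file upload on a non-file field before it reaches the setter. */
function bindHardened(Profile $p, mixed $submitted): void
{
    if ($submitted instanceof UploadedFile) {
        throw new UnexpectedValueException(
            'Submitted data was expected to be text, file upload given.'
        );
    }
    if (!is_string($submitted)) {
        throw new UnexpectedValueException('Submitted data was expected to be text.');
    }
    $p->setName($submitted);
}

// Constructed request: the client sends the "name" field as a multipart file part instead
// of a plain text input, so the form hands the field an UploadedFile rather than a string.
$submittedName = new UploadedFile('/tmp/phpA1b2C3', 'name.txt');

$p = new Profile();
bindVulnerable($p, $submittedName);
echo "Vulnerable: name is now '{$p->getName()}'\n"; // the on-disk path leaks into the entity

try {
    bindHardened(new Profile(), $submittedName);
} catch (UnexpectedValueException $e) {
    echo "Hardened: {$e->getMessage()}\n";
}
```

Two practical checks follow from this. First, the disclosure only happens in coercive typing mode: a file that starts with declare(strict_types=1) makes the same setName() call throw a TypeError instead, which is a crash rather than a leak but still worth catching in tests. Second, the leaked value is the temporary upload path, so any code path that later echoes, logs, or persists the entity's name field is where the disclosure becomes visible to the submitter.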

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.50"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.49"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.4.20"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.15"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.9"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        }
    ]
}

Affected versions

v2.*
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.0.0
v3.2.0-BETA1
v3.2.0-RC1
v3.3.0-BETA1
v3.4.0
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.2.0
v4.2.0-BETA1
v4.2.0-BETA2
v4.3.0-BETA1
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.1.0-BETA1
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.3.0-BETA1
v5.3.0-BETA2
v5.3.0-BETA3
v5.3.0-BETA4
v6.*
v6.0.0-BETA1
v6.0.0-BETA2
v6.0.0-BETA3
v6.0.0-RC1
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.2.0-BETA1
v6.2.0-BETA2
v6.2.0-BETA3
v6.3.0-BETA1
v6.3.0-BETA2
v6.3.0-BETA3
v6.3.0-RC1
v7.*
v7.0.0-BETA1
v7.0.0-BETA2
v7.0.0-BETA3
v7.0.0-RC1
v7.1.0-BETA1
v7.1.0-RC1
v7.2.0-BETA1
v7.2.0-BETA2
v7.2.0-RC1
v7.3.0-BETA1
v7.3.0-BETA2
v7.3.0-RC1
v8.*
v8.0.0
v8.0.0-BETA1
v8.0.0-BETA2
v8.0.0-RC1
v8.0.0-RC2
v8.0.0-RC3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19789.json"