CVE-2018-19789

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19789

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19789.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19789

Aliases

GHSA-x3cf-w64x-4cp2

Related

Published

2018-12-18T22:29:04Z

Modified

2024-09-18T02:59:41.304550Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the data_class of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then UploadedFile::__toString() is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.

References

Affected packages

Debian:11 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.20+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.20+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.20+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/symfony/security-http

Affected ranges

Type: GIT
Repo: https://github.com/symfony/security-http
Events: Introduced

946668ddc1fa0279fe03e2c090ebc29881f12ddb

Fixed

f56f12f983148be8739112509fa8578bca3b81de

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

58261043876feb695640457c5675bb331a6eb3b7

Fixed

9993cdc7e9358e57a9c09d636fbe92ed9e797315

Affected versions

v2.*

v2.7.48

v2.7.49

v2.7.50

v2.8.42

v2.8.43

v2.8.44

v2.8.45

v2.8.46

v2.8.47

v2.8.48

v2.8.49

v3.*

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.4.16

v3.4.17

v3.4.18

v3.4.19

v3.4.20

v4.*

v4.0.12

v4.0.13

v4.0.14

v4.1.0

v4.1.0-BETA3

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8