CVE-2019-10910

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10910
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10910.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10910
Aliases
Downstream
Published
2019-05-16T22:29:00.407Z
Modified
2026-04-10T04:13:58.379283Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
b73ab73d39dca97a12513e8a9e4f4da4b0676f5f
Fixed
c5bc3922f27c93ab3669428a504212adb801400f
Introduced
9b04d294324d9c76be4b596de4316cb8804e8223
Fixed
91ded4b7776e05ee9633bdc1c458b41c718133e0
Database specific 
{
    "versions": [
        {
            "introduced": "8.5.0"
        },
        {
            "fixed": "8.5.15"
        },
        {
            "introduced": "8.6.0"
        },
        {
            "fixed": "8.6.15"
        }
    ]
}
Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
9975b1eca3de4db792a2c3e4e16f676a4aadcd46
Fixed
20f9c87a12a0749ad3a96da256b4d0f95aad4beb
Introduced
5615b92cd452cd54f1433a3f53de87c096a1107f
Fixed
2ef4e09343bdbdee0a7968f58b8ec594ce0aa47d
Introduced
0a47db379b8cc74cdd84e1e6870fafc4a4ac8351
Fixed
1b89e7baec9891c323bbf1ec81af77d901fc60c9
Introduced
58261043876feb695640457c5675bb331a6eb3b7
Fixed
482d06316077da115e5dac2afd2a7ce9f5f100f7
Introduced
7bd9a1bae87e6b2d7eba499ebf3053ff4bc3a483
Fixed
6122c791d640b75702514c18c8aae816dbbefae2
Fixed
d2fb5893923292a1da7985f0b56960b5bb10737b
Database specific 
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.51"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.50"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.26"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.12"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.7"
        }
    ]
}

Affected versions

8.*
8.5.0
8.5.12
8.5.13
8.5.14
8.5.4
8.5.5
8.5.7
8.6.0
8.6.1
8.6.11
8.6.12
8.6.14
8.6.3
8.6.4
8.6.5
8.6.8
8.6.9
v2.*
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10910.json"