CVE-2019-10913

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10913
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10913.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10913
Aliases
Downstream
Published
2019-05-16T22:29:00.673Z
Modified
2026-04-10T04:13:59.346317Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
9975b1eca3de4db792a2c3e4e16f676a4aadcd46
Fixed
20f9c87a12a0749ad3a96da256b4d0f95aad4beb
Introduced
5615b92cd452cd54f1433a3f53de87c096a1107f
Fixed
2ef4e09343bdbdee0a7968f58b8ec594ce0aa47d
Introduced
0a47db379b8cc74cdd84e1e6870fafc4a4ac8351
Fixed
1b89e7baec9891c323bbf1ec81af77d901fc60c9
Introduced
58261043876feb695640457c5675bb331a6eb3b7
Fixed
482d06316077da115e5dac2afd2a7ce9f5f100f7
Introduced
7bd9a1bae87e6b2d7eba499ebf3053ff4bc3a483
Fixed
6122c791d640b75702514c18c8aae816dbbefae2
Fixed
944e60f083c3bffbc6a0b5112db127a10a66a8ec
Database specific 
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.51"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.50"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.26"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.12"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.7"
        }
    ]
}

Affected versions

v2.*
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10913.json"