CVE-2019-18888
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).
Se detectó un problema en Symfony versiones 2.8.0 hasta 2.8.50, 3.4.0 hasta 3.4.34, 4.2.0 hasta 4.2.11 y 4.3.0 hasta 4.3.7. Si una aplicación pasa una entrada de usuario no validada como el archivo para el que debe llevarse a cabo la validación de tipo MIME, entonces argumentos arbitrarios son pasados al comando de archivo subyacente. Esto está relacionado con el archivo symfony/http-foundation (y el archivo symfony/mime en versiones 4.3.x).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-12 CVE Reserved
- 2019-11-19 CVE Published
- 2024-03-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/symfony/symfony/releases/tag/v4.3.8 | Release Notes | |
https://symfony.com/blog/symfony-4-3-8-released | Release Notes |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.8.0 <= 2.8.50 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.8.0 <= 2.8.50" | - |
Affected
| ||||||
Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 3.4.0 <= 3.4.34 Search vendor "Sensiolabs" for product "Symfony" and version " >= 3.4.0 <= 3.4.34" | - |
Affected
| ||||||
Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 4.2.0 <= 4.2.11 Search vendor "Sensiolabs" for product "Symfony" and version " >= 4.2.0 <= 4.2.11" | - |
Affected
| ||||||
Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 4.3.0 <= 4.3.7 Search vendor "Sensiolabs" for product "Symfony" and version " >= 4.3.0 <= 4.3.7" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
|