CVE-2019-11325
REJECTED
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
EPSS 4.69% · 89.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | symfony | 0, * |
Timeline
- Nov 21, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11325 third-party-advisory
- https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter third-party-advisory
- https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11325 third-party-advisory