CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Configurations

Configuration 1

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*

Information

Published : 2019-11-21 11:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-11325

Mitre link : CVE-2019-11325

Products Affected
No products.
CWE
CWE-116

Improper Encoding or Escaping of Output