CVE-2019-10910

Sažetak

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

Reference

https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
https://www.synology.com/security/advisory/Synology_SA_19_19

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2021 - 16:23

Objavljeno

16-05-2019 - 22:29