admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-109xx/CVE-2019-10909.json

210 lines
6.5 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2019-10909",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-05-16T22:29:00.283",
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
"lastModified": "2024-11-21T04:20:06.800",
"vulnStatus": "Modified",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle."
},
{
"lang": "es",
"value": "En Symfony anterior de la versi\u00f3n 2.7.51, versi\u00f3n 2.8.x anterior de 2.8.50, versi\u00f3n 3.x anterior de 3.4.26, versi\u00f3n 4.x anterior de 4.1.12 y versi\u00f3n 4.2.x anterior de 4.2.7, los mensajes de validaci\u00f3n no son evadidos, lo que puede llevar a una vulnerabilidad de XSS cuando una entrada del usuario sea incluida. Esto est\u00e1 relacionado con symfony/framework-bundle"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
bootstrap
2023-04-24 12:24:31 +02:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
"availabilityImpact": "NONE"
bootstrap
2023-04-24 12:24:31 +02:00
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
"baseScore": 3.5,
bootstrap
2023-04-24 12:24:31 +02:00
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
"availabilityImpact": "NONE"
bootstrap
2023-04-24 12:24:31 +02:00
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.51",
"matchCriteriaId": "A86884C0-A185-4CCF-AB21-1D1529AEDAED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.50",
"matchCriteriaId": "A4716654-1055-44B3-8E51-5BC0E739E0CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.26",
"matchCriteriaId": "CF53486E-FAAC-40B3-82CE-4EDCD2C96690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.12",
"matchCriteriaId": "25A92454-6E0B-4BDE-8967-BB3E32125102"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "53E58B92-6D5D-4949-B75F-687F52961FDA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.15",
"matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0",
"versionEndExcluding": "8.6.15",
"matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.drupal.org/sa-core-2019-005",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00
},
{
"url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.drupal.org/sa-core-2019-005",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink