admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-109xx/CVE-2019-10910.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

196 lines
6.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-10910",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-05-16T22:29:00.407",
"lastModified": "2024-11-21T04:20:07.760",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection."
},
{
"lang": "es",
"value": "En Symfony antes de 2.7.51, 2.8.x antes de 2.8.50, 3.x antes de 3.4.26, 4.x antes de 4.1.12 y 4.2.x antes de 4.2.7, cuando los identificadores de servicio permiten la entrada del usuario, esto podr\u00eda permitir una inyecci\u00f3n SQL y ejecuci\u00f3n remota de c\u00f3digo. Esto est\u00e1 relacionado con Symfony / dependency-inyection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.51",
"matchCriteriaId": "A86884C0-A185-4CCF-AB21-1D1529AEDAED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.50",
"matchCriteriaId": "A4716654-1055-44B3-8E51-5BC0E739E0CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.26",
"matchCriteriaId": "CF53486E-FAAC-40B3-82CE-4EDCD2C96690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.12",
"matchCriteriaId": "25A92454-6E0B-4BDE-8967-BB3E32125102"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "53E58B92-6D5D-4949-B75F-687F52961FDA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.15",
"matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0",
"versionEndExcluding": "8.6.15",
"matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink