CVE-2019-10910

Published May 16th, 2019

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

symfony/symfony

The Symfony PHP framework

GitHub

31.1K