← back
CVE-2019-10910

CVE-2019-10910

EPSS 5.5%
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737bhttps://symfony.com/blog/cve-2019-10910-check-service-ids-are-validhttps://www.synology.com/security/advisory/Synology_SA_19_19