CVE-2019-10912

Priority
Description
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x
before 4.2.7, it is possible to cache objects that may contain bad user
input. On serialization or unserialization, this could result in the
deletion of files that the current user has access to. This is related to
symfony/cache and symfony/phpunit-bridge.
Notes
Package
Upstream:released (3.4.22+dfsg-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (3.4.22+dfsg-2)
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.4.22+dfsg-2)
Patches:
Upstream:https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
More Information

Updated: 2020-09-09 22:37:59 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)