CVE-2019-11325: Improper Input Validation

November 21, 2019 (updated December 2, 2019)

The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code.

References

symfony.com/cve-2019-11325

Detect and mitigate CVE-2019-11325 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →