Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. symfony/yaml
  4. ›
  5. CVE-2013-1348

CVE-2013-1348: Code Injection

June 2, 2014 (updated August 28, 2017)

The Yaml::parse function in Symfony remote attackers to execute arbitrary PHP code via a PHP file.

References

  • symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released

Detect and mitigate CVE-2013-1348 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 2.0.0 before 2.0.22

Fixed versions

  • 2.0.22

Solution

Upgrade to version 2.0.22 or above.

Impact 7.5 HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Learn more about CVSS

Weakness

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

Source file

packagist/symfony/yaml/CVE-2013-1348.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Tue, 03 Dec 2024 12:15:29 +0000.