CVE-2013-1397: Code Injection

June 2, 2014 (updated August 28, 2017)

Symfony allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml arser::parse function.

References

symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released

Detect and mitigate CVE-2013-1397 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →