CVE-2024-51736 (Low) detected in symfony/process-v3.4.47 #8830
Labels
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2024-51736 - Low Severity Vulnerability
Symfony Process Component
Library home page: https://api.github.com/repos/symfony/process/zipball/b8648cf1d5af12a44a51d07ef9bf980921f15fca
Dependency Hierarchy:
Found in HEAD commit: cba076465f44b6a819e3cff7986ff4cd21a66371
Found in base branch: main
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named "cmd.exe" is located in the current working directory it will be called by the "Process" class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Publish Date: 2024-11-06
URL: CVE-2024-51736
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2024-11-06
Fix Resolution: symfony/process - v5.4.46,v6.4.14,v7.1.7
The text was updated successfully, but these errors were encountered: