Input validation error in Symfony - CVE-2013-4751
Published: November 1, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30718
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2013-4751
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SensioLabs
Affected software:
Symfony
Symfony
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
php-symfony2-Validator has loss of information during serialization
How to mitigate CVE-2013-4751
Install update from vendor's website.
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html
- http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
- http://www.securityfocus.com/bid/61709
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86364