VulnerableCode Package Details - pkg:composer/symfony/cache@4.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4mkw-tv16-jyca Aliases: CVE-2019-10912 GHSA-w2fr-65vp-mxw3	Deserialization of Untrusted Data In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.	4.1.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9rsx-fscb-6fh3 Aliases: CVE-2019-18889 GHSA-79gr-58r3-pwm3	Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.	4.2.12 Affected by 0 other vulnerabilities. 4.3.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4mkw-tv16-jyca
Aliases:
CVE-2019-10912
GHSA-w2fr-65vp-mxw3

Deserialization of Untrusted Data In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.

4.1.12
Affected by 2 other vulnerabilities.

4.2.7
Affected by 1 other vulnerability.

VCID-9rsx-fscb-6fh3
Aliases:
CVE-2019-18889
GHSA-79gr-58r3-pwm3

Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

4.2.12
Affected by 0 other vulnerabilities.

4.3.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:58:54.814241+00:00	GitLab Importer	Affected by	VCID-9rsx-fscb-6fh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml	38.4.0
2026-04-16T20:54:21.841675+00:00	GitLab Importer	Affected by	VCID-4mkw-tv16-jyca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml	38.4.0
2026-04-11T22:10:05.897079+00:00	GitLab Importer	Affected by	VCID-9rsx-fscb-6fh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml	38.3.0
2026-04-11T22:05:19.797248+00:00	GitLab Importer	Affected by	VCID-4mkw-tv16-jyca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml	38.3.0
2026-04-02T22:22:41.897070+00:00	GitLab Importer	Affected by	VCID-9rsx-fscb-6fh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml	38.1.0
2026-04-02T22:18:12.142504+00:00	GitLab Importer	Affected by	VCID-4mkw-tv16-jyca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml	38.1.0
2026-04-01T16:40:28.321746+00:00	GitLab Importer	Affected by	VCID-9rsx-fscb-6fh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml	38.0.0
2026-04-01T15:57:55.205256+00:00	GHSA Importer	Affected by	VCID-4mkw-tv16-jyca	https://github.com/advisories/GHSA-w2fr-65vp-mxw3	38.0.0
2026-04-01T15:57:47.396001+00:00	GHSA Importer	Affected by	VCID-9rsx-fscb-6fh3	https://github.com/advisories/GHSA-79gr-58r3-pwm3	38.0.0
2026-04-01T12:48:28.217276+00:00	GitLab Importer	Affected by	VCID-4mkw-tv16-jyca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml	38.0.0