Search for packages
| purl | pkg:composer/symfony/process@7.0.0-BETA1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4num-z8cg-83gt | Symfony vulnerable to command execution hijack on Windows with Process class ### Description On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. ### Resolution The `Process` class now uses the absolute path to `cmd.exe`. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9) for branch 5.4. ### Credits We would like to thank Jordi Boggiano for reporting the issue and Nicolas Grekas for providing the fix. |
CVE-2024-51736
GHSA-qq5c-677p-737q |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:13:19.037079+00:00 | GitLab Importer | Fixing | VCID-4num-z8cg-83gt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/process/CVE-2024-51736.yml | 38.4.0 |
| 2026-04-12T00:31:48.815239+00:00 | GitLab Importer | Fixing | VCID-4num-z8cg-83gt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/process/CVE-2024-51736.yml | 38.3.0 |
| 2026-04-03T00:39:32.389094+00:00 | GitLab Importer | Fixing | VCID-4num-z8cg-83gt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/process/CVE-2024-51736.yml | 38.1.0 |