Search for packages
| purl | pkg:composer/symfony/cache@3.4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-g1yv-sk44-n3fu | Deserialization of untrusted data in Symfony In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge. |
CVE-2019-10912
GHSA-w2fr-65vp-mxw3 |
| VCID-qr3v-jkjd-qfb1 | Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. |
CVE-2019-18889
GHSA-79gr-58r3-pwm3 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:37:30.185643+00:00 | GitLab Importer | Fixing | VCID-qr3v-jkjd-qfb1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml | 37.0.0 |
| 2025-07-03T17:34:04.205474+00:00 | GitLab Importer | Fixing | VCID-g1yv-sk44-n3fu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml | 37.0.0 |
| 2025-07-03T13:54:53.941568+00:00 | GitLab Importer | Fixing | VCID-qr3v-jkjd-qfb1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-18889.yml | 36.1.3 |
| 2025-07-01T18:11:38.121929+00:00 | GitLab Importer | Fixing | VCID-g1yv-sk44-n3fu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/cache/CVE-2019-10912.yml | 36.1.3 |