VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3afm-66r3-c3by

Essentials
Severities (24)
References (21)
Severity details (23)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3afm-66r3-c3by
Aliases	CVE-2019-10910 GHSA-pgwj-prpq-jpc2
Summary	Symfony Service IDs Allow Injection In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

System	Score	Found at
epss	0.18147	https://api.first.org/data/v1/epss?cve=CVE-2019-10910
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-pgwj-prpq-jpc2
cvssv3.1	9.8	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
generic_textual	CRITICAL	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
cvssv3.1	9.8	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
generic_textual	CRITICAL	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
cvssv3.1	9.8	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
generic_textual	CRITICAL	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
cvssv3.1	9.8	https://github.com/symfony/symfony
generic_textual	CRITICAL	https://github.com/symfony/symfony
cvssv3.1	9.8	https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
generic_textual	CRITICAL	https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
cvssv3.1	9.8	https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
generic_textual	CRITICAL	https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
cvssv3.1	9.8	https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
generic_textual	CRITICAL	https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-10910
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2019-10910
cvssv3.1	9.8	https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
generic_textual	CRITICAL	https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
cvssv3.1	9.8	https://symfony.com/cve-2019-10910
generic_textual	CRITICAL	https://symfony.com/cve-2019-10910
cvssv3.1	9.8	https://www.synology.com/security/advisory/Synology_SA_19_19
generic_textual	CRITICAL	https://www.synology.com/security/advisory/Synology_SA_19_19

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2019-10910
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
		https://github.com/symfony/symfony
		https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
		https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
		https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
		https://nvd.nist.gov/vuln/detail/CVE-2019-10910
		https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
		https://symfony.com/cve-2019-10910
		https://www.synology.com/security/advisory/Synology_SA_19_19
GHSA-pgwj-prpq-jpc2		https://github.com/advisories/GHSA-pgwj-prpq-jpc2

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10910

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://symfony.com/cve-2019-10910

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.synology.com/security/advisory/Synology_SA_19_19

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.94875
EPSS Score	0.18147
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:22:11.305876+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-pgwj-prpq-jpc2/GHSA-pgwj-prpq-jpc2.json	36.1.3