CVE-2019-10912

CVSS v3 Score: 7.1 (High)
CVSS v2 Score: 6.5 (Medium)

Vulnerability Description

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.

CVSS:7.0(High)

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and...

CVSS:7.0(High)

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; a...

CVSS:7.0(High)

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobil...

CVSS:7.0(High)

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS:7.0(High)

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS:7.2(High)

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code ...