How severe is CVE-2019-18888?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-18888?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2019-18888 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

Related Vulnerabilities

CVE-2016-1000222

HIGH

CVSS:7.5(High)

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

CWE-882016

CVE-2018-11019

HIGH

CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /...

CWE-882018

CVE-2018-11021

HIGH

CVSS:7.5(High)

kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on dev...

CWE-882018

CVE-2018-11022

HIGH

CVSS:7.5(High)

CWE-882018

CVE-2018-11023

HIGH

CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device ...

CWE-882018

CVE-2018-11024

HIGH

CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device ...

CWE-882018