You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named "cmd.exe" is located in the current working directory it will be called by the "Process" class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-51736 - Low Severity Vulnerability
Vulnerable Library - symfony/process-v5.4.11
Executes commands in sub-processes
Library home page: https://api.github.com/repos/symfony/process/zipball/6e75fe6874cbc7e4773d049616ab450eff537bf1
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named "cmd.exe" is located in the current working directory it will be called by the "Process" class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Publish Date: 2024-11-06
URL: CVE-2024-51736
CVSS 3 Score Details (0.0)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2024-11-06
Fix Resolution: symfony/process - v5.4.46,v6.4.14,v7.1.7
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: