CVE-2024-51736
CVE-2024-51736
Título es
CVE-2024-51736
Mié, 06/11/2024 – 21:15
Tipo
CWE-77
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-51736
Descripción en
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
06/11/2024
06/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
0.00
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
NONE
Referencias
Enviar en el boletín
Off
