CVE-2024-28859 | FriendsOfSymfony1 symfony1 up to 1.5.17 __destruct deserialization (GHSA-wjv8-pxr6-5f4r)

Inserito da Angelo Barbosa | Mar 16, 2024 | CVE

A vulnerability classified as problematic has been found in FriendsOfSymfony1 symfony1 up to 1.5.17. Affected is the function __destruct. The manipulation leads to deserialization.

This vulnerability is traded as CVE-2024-28859. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28859 | FriendsOfSymfony1 symfony1 up to 1.5.17 __destruct deserialization (GHSA-wjv8-pxr6-5f4r)

Post correlati

CVE-2023-52658 | Linux Kernel up to 6.6.21/6.7.9 mlx5 denial of service (3fba8eab2cfc/1bcdd66d33ed/8deeefb24786)

CVE-2024-41658 | Casdoor up to 1.577.0 cross site scripting (GHSL-2024-035)

CVE-2024-8636 | Google Chrome up to 128.0.6613.119 Skia heap-based overflow

CVE-2024-47291 | Huawei HarmonyOS/EMUI ActivityManagerService Module permission