Search criteria
Related vulnerabilities
GHSA-WFV7-5X33-V22H
Vulnerability from github – Published: 2024-05-30 00:21 – Updated: 2024-05-30 00:21
VLAI
Summary
Code injection in the way Symfony implements translation caching in FrameworkBundle
Details
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle.
-
Your Symfony application is vulnerable if you meet the following conditions:
-
You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance); You don't sanitize locales coming from a URL (any route with a _locale argument for instance):
When vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That's because the locale value is dumped into a PHP file generated in the cache without being sanitized first.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/framework-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.3.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/framework-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/framework-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.3.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-4931"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-30T00:21:25Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Deruss\u00e9](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle.\n\n- Your Symfony application is vulnerable if you meet the following conditions:\n\n- You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance);\nYou don\u0027t sanitize locales coming from a URL (any route with a _locale argument for instance):\n\nWhen vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That\u0027s because the locale value is dumped into a PHP file generated in the cache without being sanitized first.",
"id": "GHSA-wfv7-5x33-v22h",
"modified": "2024-05-30T00:21:25Z",
"published": "2024-05-30T00:21:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml"
},
{
"type": "WEB",
"url": "https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Code injection in the way Symfony implements translation caching in FrameworkBundle"
}
GSD-2014-4931
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-4931",
"id": "GSD-2014-4931"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-4931"
],
"id": "GSD-2014-4931",
"modified": "2023-12-13T01:22:45.084361Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4931",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=2.0.0,\u003c2.4.8||\u003e=2.5.0,\u003c2.5.2",
"affected_versions": "All versions starting from 2.0.0 before 2.4.8, all versions starting from 2.5.0 before 2.5.2",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2014-07-15",
"description": "Code injection in the way Symfony implements translation caching in FrameworkBundle.",
"fixed_versions": [
"2.4.8",
"2.5.2"
],
"identifier": "CVE-2014-4931",
"identifiers": [
"CVE-2014-4931"
],
"not_impacted": "All versions before 2.0.0, all versions starting from 2.4.8 before 2.5.0, all versions starting from 2.5.2",
"package_slug": "packagist/symfony/framework-bundle",
"pubdate": "2014-07-15",
"solution": "Upgrade to versions 2.4.8, 2.5.2 or above.",
"title": "Code Injection",
"urls": [
"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"
],
"uuid": "9fb8540d-a467-4914-b5eb-42685674e644"
},
{
"affected_range": "\u003e=2.0.0,\u003c2.4.9||\u003e=2.5.0,\u003c2.5.4",
"affected_versions": "All versions starting from 2.0.0 before 2.4.9, all versions starting from 2.5.0 before 2.5.4",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2014-07-26",
"description": "Code injection in the way Symfony implements translation caching in `FrameworkBundle`.",
"fixed_versions": [
"2.4.9",
"2.5.4"
],
"identifier": "CVE-2014-4931",
"identifiers": [
"CVE-2014-4931"
],
"not_impacted": "All versions before 2.0.0, all versions starting from 2.4.9 before 2.5.0, all versions starting from 2.5.4",
"package_slug": "packagist/symfony/symfony",
"pubdate": "2014-07-26",
"solution": "Upgrade to versions 2.4.9, 2.5.4 or above.",
"title": "Code Injection",
"urls": [
"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"
],
"uuid": "32c180de-5f9c-4724-89e8-771338a0f8ff"
}
]
}
}
}