CVE-2024-36610

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 29, 2024
Updated: Dec 3, 2024
CWE ID 94

Summary

CVE-2024-36610 is a deserialization vulnerability identified in the Stub class of the VarDumper module in Symfony v7.0.3. The issue arises from the original implementation's inadequate handling of properties with null or uninitialized values. An attacker could exploit this weakness by delivering crafted serialized data, potentially resulting in unauthorized code execution. Note, however, that the supplier has since determined this to be a false report.
