CVE-2024-36610
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 29, 2024
Updated: Dec 3, 2024
CWE ID 94
Summary
CVE-2024-36610 is a deserialization vulnerability identified in the Stub class of the VarDumper module in Symfony v7.0.3. The issue arises from inadequacies in how the original implementation handles properties with null or uninitialized values. An attacker could exploit this weakness by delivering crafted serialized data, potentially resulting in unauthorized code execution. Note, however, that the supplier has since determined this to be a false report.
Affected Products
- Symfony
Affected Vendors
- SensioLabs