Vulnerability DatabaseCVE-2024-51736
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-51736
November 06, 2024
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named "cmd.exe" is located in the current working directory it will be called by the "Process" class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related ResourcesĀ (7)
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
https://symfony.com/cve-2024-51736
https://nvd.nist.gov/vuln/detail/CVE-2024-51736
https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
https://github.com/symfony/symfony
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
Do you need more information?
Contact Us
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
EPSS
Base Score:
0.60