ByteOS Network

NVD Vulnerability Details :

CVE-2024-51736

Analyzed

Source-security-advisories@github.com

Published At-06 Nov, 2024 | 21:15

Updated At-04 Sep, 2025 | 16:08

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	0.0	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 0.0

Base severity: NONE

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

sensiolabs>>symfony>>Versions before 5.4.46(exclusive)

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*

sensiolabs>>symfony>>Versions from 6.0.0(inclusive) to 6.4.14(exclusive)

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*

sensiolabs>>symfony>>Versions from 7.0.0(inclusive) to 7.1.7(exclusive)

cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*