Command Injection #60485

MadhumithaSTR · 2025-05-20T06:08:27Z

MadhumithaSTR
May 20, 2025

Hi Team, I'm encountering a Command Injection vulnerability in the Symfony/Component/Intl/Resources/bin/update-data.php file, specifically at lines 169 and 173. The issue is described as: Unsanitized input from an HTTP header flows into exec, where it is used to build a shell command. This may result in a Command Injection vulnerability.
I'm currently using Symfony version 6.4, and I have also tested this with the latest version, but the issue persists.
Could you please help me resolve this? Thanks in advance!
File link : (https://github.com/symfony/symfony/blob/6.4/src/Symfony/Component/Intl/Resources/bin/update-data.php)

Answered by mbabker

May 20, 2025

If you think that you have found a security issue in Symfony, don't use the bug tracker and don't publish it publicly. Instead, all security issues must be sent to security [at] symfony.com.

https://symfony.com/doc/current/contributing/code/security.html

View full answer

mbabker · 2025-05-20T13:27:57Z

mbabker
May 20, 2025

If you think that you have found a security issue in Symfony, don't use the bug tracker and don't publish it publicly. Instead, all security issues must be sent to security [at] symfony.com.

https://symfony.com/doc/current/contributing/code/security.html

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Command Injection #60485

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Command Injection #60485

Uh oh!

MadhumithaSTR May 20, 2025

Replies: 1 comment

Uh oh!

mbabker May 20, 2025

MadhumithaSTR
May 20, 2025

mbabker
May 20, 2025