Vulnerability DatabaseCVE-2024-51736
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-51736
Published:November 06, 2024
Updated:May 17, 2026
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named "cmd.exe" is located in the current working directory it will be called by the "Process" class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Packages
symfony/process (PHP):
Affected version(s) >=v6.0.0 <v6.4.14
Fix Suggestion:
Update to version v6.4.14
symfony/process (PHP):
Affected version(s) >=v7.0.0 <v7.1.7
Fix Suggestion:
Update to version v7.1.7
symfony/symfony (PHP):
Affected version(s) >=v6.0.0 <v6.4.14
Fix Suggestion:
Update to version v6.4.14
symfony/process (PHP):
Affected version(s) >=v2.0.0 <v5.4.46
Fix Suggestion:
Update to version v5.4.46
symfony/symfony (PHP):
Affected version(s) >=v7.0.0 <v7.1.7
Fix Suggestion:
Update to version v7.1.7
Related Resources (7)
https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
https://symfony.com/cve-2024-51736
https://nvd.nist.gov/vuln/detail/CVE-2024-51736
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
https://github.com/symfony/symfony
https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
Do you need more information?
Contact Us
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
EPSS
Base Score:
0.78