Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Remediation
References
Related Vulnerabilities
Joomla! Core Arbitrary File Upload (2.5.0 - 3.8.7)
WordPress Plugin Product Catalog Unspecified Vulnerability (3.1.3)
WordPress Plugin SEO Backlinks Cross-Site Request Forgery (4.0.1)
WordPress Plugin Contextual Related Posts Cross-Site Scripting (3.3.0)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29209)