symfony/process

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting symfony/processpage 1 of 1

CVE-2024-51736NONECVSS 0.0EG 0.0✓ Fixed in 7.1.7
2024-11-06
vulnerable: v7.0.0 ... v7.1.6 (13 versions)
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class …
CVE-2026-24739MEDIUMCVSS 6.3EG 6.3✓ Fixed in 5.4.51
2026-01-28
vulnerable: 2.0.4 ... v5.4.8 (544 versions)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=…

Check whether symfony/process is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/process CVEs against the assets you own.

Start Free Scan →