[MEDIUM] Deserialization Gadget chain in Symfony sfNamespacedParameterHolder

PKSA-68pm-bv8g-8xct CVE-2024-28861 GHSA-pv9j-c53q-h433

Affected package: friendsofsymfony1/symfony1

Affected version: >=1.1.0,<1.5.19

Reported by:
FriendsOfPHP/security-advisories, GitHub