symfony/var-exporter is a blend of
serialize() to turn any serializable data structure to plain PHP code.
Affected versions of this package are vulnerable to Arbitrary Code Execution. Some strings were not properly escaped when being dumped by the
VarExporter component leading to remote code execution.
symfony/var-exporter to version 4.2.12, 4.3.8 or higher.