92
Affected versions of this package are vulnerable to uploading files with a dangerous type. A user could easily bypass the MIME_TYPE check and upload a polyglot file (a mixed of php/png file), this could lead to remote code execution on the server and allow a malicious user to run code on the server.
You're affected if you are using a version which is within vulnerability ranges.
Upgrade vich/uploader-bundle library to patch version.