| 0 |
| url |
VCID-15tu-dfam-yqgh |
| vulnerability_id |
VCID-15tu-dfam-yqgh |
| summary |
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh |
|
| 1 |
| url |
VCID-1y96-v19f-tkgg |
| vulnerability_id |
VCID-1y96-v19f-tkgg |
| summary |
Improper Input Validation
An issue was discovered in `HttpKernel` in Symfony. When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 13 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14774, GHSA-66p6-7p29-55p9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1y96-v19f-tkgg |
|
| 2 |
| url |
VCID-23hr-yznx-c3fb |
| vulnerability_id |
VCID-23hr-yznx-c3fb |
| summary |
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10911, GHSA-cchx-mfrc-fwqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb |
|
| 3 |
| url |
VCID-37et-21qw-skd7 |
| vulnerability_id |
VCID-37et-21qw-skd7 |
| summary |
Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18888, GHSA-xhh6-956q-4q69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7 |
|
| 4 |
| url |
VCID-4f9e-eg67-cqbr |
| vulnerability_id |
VCID-4f9e-eg67-cqbr |
| summary |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr |
|
| 5 |
| url |
VCID-6c6t-kmb3-2qcm |
| vulnerability_id |
VCID-6c6t-kmb3-2qcm |
| summary |
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm |
|
| 6 |
| url |
VCID-7m45-bvbn-4qd3 |
| vulnerability_id |
VCID-7m45-bvbn-4qd3 |
| summary |
SQL Injection
In Symfony, HTTP methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10913, GHSA-x92h-wmg2-6hp7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3 |
|
| 7 |
|
| 8 |
| url |
VCID-awma-bc9f-kfe2 |
| vulnerability_id |
VCID-awma-bc9f-kfe2 |
| summary |
Symfony Service IDs Allow Injection
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10910, GHSA-pgwj-prpq-jpc2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-awma-bc9f-kfe2 |
|
| 9 |
|
| 10 |
| url |
VCID-ef86-hqv4-6kaz |
| vulnerability_id |
VCID-ef86-hqv4-6kaz |
| summary |
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 19 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11406, GHSA-g4g7-q726-v5hg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz |
|
| 11 |
| url |
VCID-frbz-vpfe-vbh9 |
| vulnerability_id |
VCID-frbz-vpfe-vbh9 |
| summary |
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called, which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue, in certain circumstances this could escalate to Remote Code Execution. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 11 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 12 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-9m8x-djng-8ye3 |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 13 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19789, GHSA-x3cf-w64x-4cp2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9 |
|
| 12 |
| url |
VCID-jqh6-rwsw-73bs |
| vulnerability_id |
VCID-jqh6-rwsw-73bs |
| summary |
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The UriSigner was subject to timing attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs |
|
| 13 |
| url |
VCID-mew1-9shg-mugs |
| vulnerability_id |
VCID-mew1-9shg-mugs |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 11 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 12 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-9m8x-djng-8ye3 |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 13 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19790, GHSA-89r2-5g34-2g47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs |
|
| 14 |
| url |
VCID-nsuz-7sdv-abef |
| vulnerability_id |
VCID-nsuz-7sdv-abef |
| summary |
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 19 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11386, GHSA-r2rq-3h56-fqm4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef |
|
| 15 |
| url |
VCID-qqd1-smb1-sbe8 |
| vulnerability_id |
VCID-qqd1-smb1-sbe8 |
| summary |
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 13 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8 |
|
| 16 |
| url |
VCID-tx26-92jc-rkff |
| vulnerability_id |
VCID-tx26-92jc-rkff |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 19 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11408, GHSA-7hwc-2cq4-6x2w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tx26-92jc-rkff |
|
| 17 |
| url |
VCID-vyug-krcw-jyef |
| vulnerability_id |
VCID-vyug-krcw-jyef |
| summary |
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 19 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 13 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11385, GHSA-g4rg-rw65-8hfg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef |
|