Search for packages
| purl | pkg:composer/symfony/http-kernel@2.5.0-BETA1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7pwc-t6vf-eyax
Aliases: CVE-2022-24894 GHSA-h7vf-5wrv-9fhv GMS-2023-209 GMS-2023-212 |
Duplicate This advisory duplicates another. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-epe4-cnhd-zyef
Aliases: CVE-2015-2308 GHSA-5c58-w9xc-qcj9 |
Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-s3xz-n4w1-ekd2
Aliases: CVE-2015-4050 GHSA-qmqw-mpqp-mr54 |
Improper Access Control FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-wnu2-cmrt-bkhr
Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-b9mr-r4x1-pkds | Improper Access Control Direct access of ESI URLs behind a trusted proxy. |
CVE-2014-5245
GHSA-wvjv-p5rr-mmqm |