Search for packages
Package details: pkg:composer/symfony/symfony@2.7.49
purl pkg:composer/symfony/symfony@2.7.49
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2nm9-bzfc-97ct Symfony Host Header Injection An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. CVE-2018-14774
GHSA-66p6-7p29-55p9
VCID-zbme-ygft-4qht access restriction bypass CVE-2018-14773
GHSA-8wgj-6wx8-h5hq