Vulnerability ID | VCID-m81q-5z8a-4khm |
Aliases | CVE-2015-8125, GHSA-g97c-jfx6-xvxh |
Summary | Symfony Vulnerable to Timing Attack. Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) `Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices` or (2) `Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener` class in the Symfony Security Component, or (3) legacy CSRF implementation from the `Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider` class in the Symfony Form component. |
Status | Published |
Exploitability | None |
Weighted Severity | None |
Risk | None |
Affected and Fixed Packages | Package Details |
Percentile | 0.76042 |
EPSS Score | 0.01008 |
Published At | June 30, 2025, 12:55 p.m. |
Date | Actor | Action | Source | VulnerableCode Version |
---|---|---|---|---|
2025-07-01T12:27:22.464989+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g97c-jfx6-xvxh/GHSA-g97c-jfx6-xvxh.json | 36.1.3 |