Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs symfony vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-46733
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in ...
Sensiolabs Symfony
7.2
CVSSv3
CVE-2018-14774
An issue exists in HttpKernel in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. When using HttpCache, the values...
Sensiolabs Symfony
9.8
CVSSv3
CVE-2019-11325
An issue exists in Symfony prior to 4.2.12 and 4.3.x prior to 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Sensiolabs Symfony
5.4
CVSSv3
CVE-2020-5274
In Symfony prior to 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the excepti...
Sensiolabs Symfony
8.1
CVSSv3
CVE-2020-5275
In symfony/security-http prior to 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that shou...
Sensiolabs Symfony
8.8
CVSSv3
CVE-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionList...
Sensiolabs Symfony
7.1
CVSSv3
CVE-2019-10912
In Symfony prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. Th...
Sensiolabs Symfony
9.8
CVSSv3
CVE-2019-10913
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. T...
Sensiolabs Symfony
2 Github repositories
8.8
CVSSv3
CVE-2022-23601
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the use...
Sensiolabs Symfony
4.3
CVSSv3
CVE-2020-5255
In Symfony prior to 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Conte...
Sensiolabs Symfony
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »