Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs symfony vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2020-5274
In Symfony prior to 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the excepti...
Sensiolabs Symfony
578
VMScore
CVE-2019-10912
In Symfony prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. Th...
Sensiolabs Symfony
668
VMScore
CVE-2019-10913
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. T...
Sensiolabs Symfony
2 Github repositories
445
VMScore
CVE-2018-14774
An issue exists in HttpKernel in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. When using HttpCache, the values...
Sensiolabs Symfony
578
VMScore
CVE-2021-32693
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and before 5.3.2. When an application defines multiple firewalls, the token authenticated...
Sensiolabs Symfony
668
VMScore
CVE-2019-11325
An issue exists in Symfony prior to 4.2.12 and 4.3.x prior to 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Sensiolabs Symfony
383
VMScore
CVE-2017-18343
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is t...
Sensiolabs Symfony
445
VMScore
CVE-2019-18886
An issue exists in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.
Sensiolabs Symfony
668
VMScore
CVE-2018-11407
An issue exists in the Ldap component in Symfony 2.8.x prior to 2.8.37, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.7, and 4.0.x prior to 4.0.7. It allows remote malicious users to bypass authentication by logging in with a "null" password and valid username, which trigge...
Sensiolabs Symfony
606
VMScore
CVE-2022-23601
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the use...
Sensiolabs Symfony
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »