Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs symfony vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-14774
An issue exists in HttpKernel in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. When using HttpCache, the values...
Sensiolabs Symfony
5.5
CVSSv2
CVE-2020-5275
In symfony/security-http prior to 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that shou...
Sensiolabs Symfony
4
CVSSv2
CVE-2020-5255
In Symfony prior to 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Conte...
Sensiolabs Symfony
5.5
CVSSv2
CVE-2020-5274
In Symfony prior to 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the excepti...
Sensiolabs Symfony
4.3
CVSSv2
CVE-2018-12040
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote malicious users to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... i...
Sensiolabs Symfony 3.3.6
3.5
CVSSv2
CVE-2019-10909
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Sensiolabs Symfony
Drupal Drupal
7.5
CVSSv2
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
6
CVSSv2
CVE-2019-10911
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, a vulnerability would allow an malicious user to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. T...
Sensiolabs Symfony
Drupal Drupal
7.5
CVSSv2
CVE-2020-15094
In Symfony prior to 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was...
Sensiolabs Httpclient
Sensiolabs Symfony
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv2
CVE-2019-18889
An issue exists in Symfony 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
Sensiolabs Symfony
Fedoraproject Fedora 31
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »