Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
symfony vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-10909
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Sensiolabs Symfony
Drupal Drupal
7.5
CVSSv2
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
6
CVSSv2
CVE-2019-10911
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, a vulnerability would allow an malicious user to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. T...
Sensiolabs Symfony
Drupal Drupal
7.5
CVSSv2
CVE-2019-18889
An issue exists in Symfony 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
Sensiolabs Symfony
Fedoraproject Fedora 31
1 Github repository
5.8
CVSSv2
CVE-2017-16652
An issue exists in Symfony 2.7.x prior to 2.7.38, 2.8.x prior to 2.8.31, 3.2.x prior to 3.2.14, and 3.3.x prior to 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response,...
Sensiolabs Symfony
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2018-11406
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled ...
Sensiolabs Symfony
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2018-11408
The security handlers in the Security component in Symfony in 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this i...
Sensiolabs Symfony
Debian Debian Linux 8.0
5
CVSSv2
CVE-2018-19789
An issue exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9, and 4.2.x prior to 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's t...
Sensiolabs Symfony
Debian Debian Linux 8.0
4
CVSSv2
CVE-2017-16790
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are the...
Sensiolabs Symfony
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2019-9942
A sandbox information disclosure exists in Twig prior to 1.38.0 and 2.x prior to 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
Symfony Twig
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »