The security handlers in the Security component in Symfony in 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sensiolabs symfony |
||
debian debian linux 8.0 |