An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sensiolabs symfony |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |