Описание
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.4.6+dfsg-1 |
| devel | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/bionic | not-affected | 3.4.6+dfsg-1 |
| esm-apps/xenial | not-affected | 2.7.10-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 67%
0.00543
Низкий
6.8 Medium
CVSS2
Связанные уязвимости
nvd
почти 10 лет назад
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
debian
почти 10 лет назад
Eval injection vulnerability in the HttpCache class in HttpKernel in S ...
EPSS
Процентиль: 67%
0.00543
Низкий
6.8 Medium
CVSS2