Описание
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 3.4.15+dfsg-2ubuntu4 |
| devel | not-affected | 3.4.15+dfsg-2ubuntu4 |
| disco | not-affected | 3.4.15+dfsg-2ubuntu4 |
| eoan | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/jammy | not-affected | 3.4.15+dfsg-2ubuntu4 |
| esm-apps/noble | not-affected | 3.4.15+dfsg-2ubuntu4 |
Показывать по
Ссылки на источники
5.8 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
The security handlers in the Security component in Symfony in 2.7.x be ...
Уязвимость подкомпонента security.http_utils компонента Security программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю проводить фишинг-атаки и получить доступ к защищаемой информации
5.8 Medium
CVSS2
6.1 Medium
CVSS3