Symfony is an open-source framework written in PHP.
Release cycle, vulnerability information
Release schedule
Count: 247
GHSA-x92h-wmg2-6hp7
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
GHSA-4vpc-5jx4-cfqg
User enumeration leak using switch user functionality in Symfony
GHSA-xhh6-956q-4q69
Argument injection in a MimeTypeGuesser in Symfony
GHSA-79gr-58r3-pwm3
Symfony Unsafe Cache Serialization Could Enable RCE

CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

CVE-2019-18888
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-x92h-wmg2-6hp7 Invalid HTTP method overrides allow possible XSS or other attacks in Symfony | CVSS3: 9.8 | 0% Low | more than 5 years ago
GHSA-4vpc-5jx4-cfqg User enumeration leak using switch user functionality in Symfony | CVSS3: 5.3 | 2% Low | more than 5 years ago
GHSA-xhh6-956q-4q69 Argument injection in a MimeTypeGuesser in Symfony | CVSS3: 7.5 | 3% Low | more than 5 years ago
GHSA-79gr-58r3-pwm3 Symfony Unsafe Cache Serialization Could Enable RCE | CVSS3: 9.8 | 3% Low | more than 5 years ago
CVE-2019-18889 An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. | CVSS3: 9.8 | 3% Low | more than 5 years ago
CVE-2019-18888 An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). | CVSS3: 7.5 | 3% Low | more than 5 years ago
CVE-2019-18887 An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. | CVSS3: 8.1 | 1% Low | more than 5 years ago