Symfony — фреймворк c открытым исходным кодом, написанный на PHP.
Релизный цикл, информация об уязвимостях
График релизов
Количество 255
CVE-2020-5274
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5
GHSA-g4m9-5hpf-hx72
Firewall configured with unanimous strategy was not actually unanimous in Symfony
GHSA-m884-279h-32v2
Exceptions displayed in non-debug configurations in Symfony
GHSA-mcx4-f5f5-4859
Prevent cache poisoning via a Response Content-Type header in Symfony
GHSA-cchx-mfrc-fwqr
Improper authentication in Symfony
GHSA-w2fr-65vp-mxw3
Deserialization of untrusted data in Symfony
GHSA-w4rc-rx25-8m86
Improper Input Validation in Symfony
CVE-2013-4752
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
GHSA-x92h-wmg2-6hp7
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
GHSA-4vpc-5jx4-cfqg
User enumeration leak using switch user functionality in Symfony
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-5274 In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5 | CVSS3: 4.6 | 0% Низкий | больше 5 лет назад |
| GHSA-g4m9-5hpf-hx72 Firewall configured with unanimous strategy was not actually unanimous in Symfony | CVSS3: 7.6 | 0% Низкий | больше 5 лет назад |
| GHSA-m884-279h-32v2 Exceptions displayed in non-debug configurations in Symfony | CVSS3: 4.6 | 0% Низкий | больше 5 лет назад |
| GHSA-mcx4-f5f5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony | CVSS3: 2.6 | 0% Низкий | больше 5 лет назад |
| GHSA-cchx-mfrc-fwqr Improper authentication in Symfony | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-w2fr-65vp-mxw3 Deserialization of untrusted data in Symfony | CVSS3: 7.1 | 1% Низкий | больше 5 лет назад |
| GHSA-w4rc-rx25-8m86 Improper Input Validation in Symfony | CVSS3: 9.8 | 5% Низкий | больше 5 лет назад |
 | CVE-2013-4752 Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | CVSS3: 6.1 | 1% Низкий | почти 6 лет назад |
| GHSA-x92h-wmg2-6hp7 Invalid HTTP method overrides allow possible XSS or other attacks in Symfony | CVSS3: 9.8 | 0% Низкий | почти 6 лет назад |
| GHSA-4vpc-5jx4-cfqg User enumeration leak using switch user functionality in Symfony | CVSS3: 5.3 | 2% Низкий | почти 6 лет назад |
Уязвимостей на страницу