Symfony is an open-source framework written in PHP.
Release cycle, vulnerability information
Release schedule
Count: 263
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-m884-279h-32v2 Exceptions displayed in non-debug configurations in Symfony | CVSS3: 4.6 | 0% Low | almost 6 years ago |
| GHSA-mcx4-f5f5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony | CVSS3: 2.6 | 0% Low | almost 6 years ago |
| GHSA-cchx-mfrc-fwqr Improper authentication in Symfony | CVSS3: 7.5 | 0% Low | almost 6 years ago |
| GHSA-w2fr-65vp-mxw3 Deserialization of untrusted data in Symfony | CVSS3: 7.1 | 1% Low | almost 6 years ago |
| GHSA-w4rc-rx25-8m86 Improper Input Validation in Symfony | CVSS3: 9.8 | 5% Low | almost 6 years ago |
| CVE-2013-4752 Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | CVSS3: 6.1 | 1% Low | about 6 years ago |
| GHSA-x92h-wmg2-6hp7 Invalid HTTP method overrides allow possible XSS or other attacks in Symfony | CVSS3: 9.8 | 0% Low | about 6 years ago |
| GHSA-4vpc-5jx4-cfqg User enumeration leak using switch user functionality in Symfony | CVSS3: 5.3 | 2% Low | about 6 years ago |
| GHSA-xhh6-956q-4q69 Argument injection in a MimeTypeGuesser in Symfony | CVSS3: 7.5 | 3% Low | about 6 years ago |
| GHSA-79gr-58r3-pwm3 Symfony Unsafe Cache Serialization Could Enable RCE | CVSS3: 9.8 | 3% Low | about 6 years ago |