Symfony — фреймворк c открытым исходным кодом, написанный на PHP.
Релизный цикл, информация об уязвимостях
График релизов
Количество 255
BDU:2019-04112
Уязвимость компонентов DefaultAuthenticationSuccessHandler, DefaultAuthenticationFailureHandler программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю проводить фишинг-атаки и получить доступ к защищаемой информации
BDU:2019-04114
Уязвимость компонента Intl программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю раскрыть защищаемую информацию
CVE-2016-2403
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
CVE-2016-2403
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ...
CVE-2016-2403
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
CVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall ...
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3 ...
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2019-04112 Уязвимость компонентов DefaultAuthenticationSuccessHandler, DefaultAuthenticationFailureHandler программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю проводить фишинг-атаки и получить доступ к защищаемой информации | CVSS3: 6.1 | 0% Низкий | около 8 лет назад |
| BDU:2019-04114 Уязвимость компонента Intl программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
 | CVE-2016-2403 Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | CVSS3: 9.8 | 0% Низкий | почти 9 лет назад |
| CVE-2016-2403 Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ... | CVSS3: 9.8 | 0% Низкий | почти 9 лет назад |
 | CVE-2016-2403 Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | CVSS3: 9.8 | 0% Низкий | почти 9 лет назад |
| CVE-2016-4423 The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | CVSS3: 7.5 | 1% Низкий | больше 9 лет назад |
| CVE-2016-4423 The attemptAuthentication function in Component/Security/Http/Firewall ... | CVSS3: 7.5 | 1% Низкий | больше 9 лет назад |
| CVE-2016-1902 The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | CVSS3: 7.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-1902 The nextBytes function in the SecureRandom class in Symfony before 2.3 ... | CVSS3: 7.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-1902 The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | CVSS3: 7.5 | 0% Низкий | больше 9 лет назад |
Уязвимостей на страницу