Symfony is an open-source framework written in PHP.
Release cycle, vulnerability information
Release schedule
Count: 244
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-35c5-28pg-2qg4 Symfony Authentication Bypass | CVSS3: 9.8 | 0% Low | about 3 years ago
GHSA-wvj5-r78r-hhfq Symfony Authentication Bypass | CVSS3: 9.8 | 0% Low | about 3 years ago
GHSA-mm4c-ww47-3x4c ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-j5jh-hpr4-h332 Symfony Session Fixation Vulnerability | CVSS3: 3.1 | 0% Low | about 3 years ago
GHSA-cqqh-94r6-wjrg Symfony SSRF Vulnerability via Form Component | CVSS3: 6.5 | 1% Low | about 3 years ago
GHSA-66p6-7p29-55p9 Symfony Host Header Injection | CVSS3: 7.2 | 0% Low | about 3 years ago
GHSA-mjcw-3g32-5p52 ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-g4rg-rw65-8hfg Symfony Session Fixation Vulnerability | CVSS3: 8.1 | 1% Low | about 3 years ago
GHSA-r7p7-qr7p-2rrf Symfony Open Redirect | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-c49r-8gj6-768r Symfony Directory Traversal | CVSS3: 7.5 | 1% Low | about 3 years ago