Symfony — фреймворк c открытым исходным кодом, написанный на PHP.
Релизный цикл, информация об уязвимостях
График релизов
Количество 247
GHSA-hf4c-m2jg-33qx
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
GHSA-2r5h-6r7v-5m7c
Symphony Vulnerable to PHP Code Injection via YAML Parsing
GHSA-7w53-hfpw-rg3g
Symfony Arbitrary PHP code Execution
GHSA-35c5-28pg-2qg4
Symfony Authentication Bypass
GHSA-wvj5-r78r-hhfq
Symfony Authentication Bypass
GHSA-mm4c-ww47-3x4c
** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.
GHSA-j5jh-hpr4-h332
Symfony Session Fixation Vulnerability
GHSA-cqqh-94r6-wjrg
Symfony SSRF Vulnerability via Form Component
GHSA-66p6-7p29-55p9
Symfony Host Header Injection
GHSA-mjcw-3g32-5p52
** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-hf4c-m2jg-33qx lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | 1% Низкий | около 3 лет назад | |
| GHSA-2r5h-6r7v-5m7c Symphony Vulnerable to PHP Code Injection via YAML Parsing | 1% Низкий | около 3 лет назад | |
| GHSA-7w53-hfpw-rg3g Symfony Arbitrary PHP code Execution | 1% Низкий | около 3 лет назад | |
| GHSA-35c5-28pg-2qg4 Symfony Authentication Bypass | CVSS3: 9.8 | 0% Низкий | около 3 лет назад |
| GHSA-wvj5-r78r-hhfq Symfony Authentication Bypass | CVSS3: 9.8 | 0% Низкий | около 3 лет назад |
| GHSA-mm4c-ww47-3x4c ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | CVSS3: 6.1 | 1% Низкий | около 3 лет назад |
| GHSA-j5jh-hpr4-h332 Symfony Session Fixation Vulnerability | CVSS3: 3.1 | 0% Низкий | около 3 лет назад |
| GHSA-cqqh-94r6-wjrg Symfony SSRF Vulnerability via Form Component | CVSS3: 6.5 | 1% Низкий | около 3 лет назад |
| GHSA-66p6-7p29-55p9 Symfony Host Header Injection | CVSS3: 7.2 | 0% Низкий | около 3 лет назад |
| GHSA-mjcw-3g32-5p52 ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу