Symfony is an open-source framework written in PHP.
Release cycle, vulnerability information
Release schedule
Count: 255
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-7w53-hfpw-rg3g Symfony Arbitrary PHP code Execution | | 1% Low | more than 3 years ago |
| GHSA-35c5-28pg-2qg4 Symfony Authentication Bypass | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-wvj5-r78r-hhfq Symfony Authentication Bypass | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-mm4c-ww47-3x4c ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-j5jh-hpr4-h332 Symfony Session Fixation Vulnerability | CVSS3: 3.1 | 0% Low | more than 3 years ago |
| GHSA-cqqh-94r6-wjrg Symfony SSRF Vulnerability via Form Component | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-66p6-7p29-55p9 Symfony Host Header Injection | CVSS3: 7.2 | 0% Low | more than 3 years ago |
| GHSA-mjcw-3g32-5p52 ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-g4rg-rw65-8hfg Symfony Session Fixation Vulnerability | CVSS3: 8.1 | 1% Low | more than 3 years ago |
| GHSA-r7p7-qr7p-2rrf Symfony Open Redirect | CVSS3: 6.1 | 0% Low | more than 3 years ago |