Количество 255
Количество 255
GHSA-q847-2q57-wmr3
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
GHSA-pgwj-prpq-jpc2
Symfony Service IDs Allow Injection
GHSA-g996-q5r8-w7g2
Symfony Cross-site Scripting (XSS) vulnerability
GHSA-cchx-mfrc-fwqr
Improper authentication in Symfony
GHSA-8wgj-6wx8-h5hq
Symfony HTTP Foundation web cache poisoning
GHSA-754h-5r27-7x3r
RCE in Symfony
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set ...
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...
CVE-2019-10911
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
CVE-2019-10911
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
CVE-2019-10911
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-q847-2q57-wmr3 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | CVSS3: 6.1 | 1% Низкий | почти 2 года назад |
| GHSA-pgwj-prpq-jpc2 Symfony Service IDs Allow Injection | CVSS3: 9.8 | 13% Средний | почти 6 лет назад |
| GHSA-g996-q5r8-w7g2 Symfony Cross-site Scripting (XSS) vulnerability | CVSS3: 5.4 | 0% Низкий | почти 6 лет назад |
| GHSA-cchx-mfrc-fwqr Improper authentication in Symfony | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-8wgj-6wx8-h5hq Symfony HTTP Foundation web cache poisoning | CVSS3: 6.5 | 4% Низкий | больше 3 лет назад |
| GHSA-754h-5r27-7x3r RCE in Symfony | CVSS3: 8 | 2% Низкий | около 5 лет назад |
 | CVE-2023-46734 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | CVSS3: 6.1 | 1% Низкий | почти 2 года назад |
 | CVE-2023-46734 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | CVSS3: 6.1 | 1% Низкий | почти 2 года назад |
| CVE-2023-46734 Symfony is a PHP framework for web and console applications and a set ... | CVSS3: 6.1 | 1% Низкий | почти 2 года назад |
| CVE-2020-15094 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5. | CVSS3: 8 | 2% Низкий | около 5 лет назад |
| CVE-2020-15094 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5. | CVSS3: 8 | 2% Низкий | около 5 лет назад |
| CVE-2020-15094 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ... | CVSS3: 8 | 2% Низкий | около 5 лет назад |
| CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | CVSS3: 9.8 | 13% Средний | больше 6 лет назад |
| CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | CVSS3: 9.8 | 13% Средний | больше 6 лет назад |
| CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... | CVSS3: 9.8 | 13% Средний | больше 6 лет назад |
| CVE-2019-10909 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. | CVSS3: 5.4 | 0% Низкий | больше 6 лет назад |
| CVE-2019-10909 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. | CVSS3: 5.4 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу