CVE-2019-10913

creationtimestamp| type| source ---|---|--- 2019-05-16 22:51:28+00:00| seen| https://t.me/cvemitreorg/29...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

CVE-2019-10913

CVE-2019-10913 affects the Symfony PHP framework's HTTP Foundation. Versions vulnerable include Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7. The issue: HTTP methods provided as verbs or via the X-Http-Method-Override header may be treat...

Debian DLA-1778-1 : symfony security update

Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection, Security, HttpFoundation CVE-2019-10909 Validation messages were not escaped when using the form theme of the PHP...

[SECURITY] [DLA 1778-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u5 CVE ID : CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection...

Fedora 30 : php-symfony3 (2019-8635280de5)

Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...

Fedora 30 : php-symfony4 (2019-f5d6a7ce74)

Version 4.2.7 2019-04-17 - bug 31107 Routing fix trailing slash redirection with non-greedy trailing vars nicolas-grekas - bug 31108 FrameworkBundle decorate the ValidatorBuilder's translator with LegacyTranslatorProxy nicolas-grekas - bug 31121 HttpKernel Fix get session when the request stack i...

Fedora 29 : php-symfony (2019-f8db687840)

Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...

CVE-2019-10913: Reject invalid HTTP method overrides

More info at https://symfony.com/cve-2019-10913...

CVE-2019-10913: Reject invalid HTTP method overrides

More info at https://symfony.com/cve-2019-10913...