Lucene search
7 matches found

NVD
added 2023/02/03 10:15 p.m. | 14 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

CVSS 8.8 | AI score 7.4 | EPSS 0.0079
Exploits: 0 | References: 5

Prion
added 2023/02/03 10:15 p.m. | 19 views

Cross site request forgery (csrf)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

CVSS 6.8 | AI score 8.7 | EPSS 0.0079
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2023/02/03 9:45 p.m. | 22 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

CVSS 8.8 | AI score 8.8 | EPSS 0.0079
Exploits: 0

Cvelist
added 2023/02/03 9:45 p.m. | 29 views

CVE-2022-24895 Symfony vulnerable to Session Fixation of CSRF tokens

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

CVSS 6.3 | AI score 8.9 | EPSS 0.0079
Exploits: 0 | References: 5

UbuntuCve
added 2023/02/03 12:0 a.m. | 31 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

CVSS 8.8 | AI score 6.9 | EPSS 0.0079
Exploits: 0 | References: 2

OSV
added 2020/03/30 8:9 p.m. | 16 views

GHSA-MCX4-F5F5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony

When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...

CVSS 2.6 | AI score 4.6 | EPSS 0.01297
Exploits: 0 | References: 8

Github Security Blog
added 2020/03/30 8:9 p.m. | 62 views

Prevent cache poisoning via a Response Content-Type header in Symfony

When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...

CVSS 4.3 | AI score 4.3 | EPSS 0.01297
Exploits: 0 | References: 9 | Affected Software: 2