2 matches found
CVE-2026-45070
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter values but emits parameter names verbatim, allowing a caller that derive...
PT-2026-44139
Name of the Vulnerable Software and Affected Versions Symfony affected versions not specified Description The ParameterizedHeader class and related parameter handling in Headers fails to validate parameter names when serializing structured headers like Content-Type and Content-Disposition. While...