9 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It...
Debian dla-3493 : php-symfony - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3493-1 [email protected]...
[SECURITY] [DLA 3493-1] symfony security update
Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE ID : CVE-2021-21424 CVE-2022-24894 CVE-2022-24895 Multiple security vulnerabilities were...
Fedora 37 : php-symfony4 (2023-74b702f058)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-74b702f058 advisory. Version 4.4.50 2023-02-01 security cve-2022-24895 Security/Http Remove CSRF tokens from storage on successful login nicolas-grekas security...
Fedora: Security Advisory for php-symfony4 (FEDORA-2023-aecde14648)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Symfony Multiple Vulnerabilities (GHSA-h7vf-5wrv-9fhv, GHSA-3gv2-29qc-v67m)
Symfony is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-24894 Symfony storing cookie headers in HttpCache
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...
CVE-2022-24894
Mode C: CVE-2022-24894 affects Symfony (PHP framework) where the HTTP cache system can inadvertently store a response containing a Set-Cookie header and serve it to subsequent clients. Root cause: a change in AbstractSessionListener allows the response to include Set-Cookie when HTTP caching is e...
CVE-2022-24894: Prevent storing cookie headers in HttpCache
More info at https://symfony.com/cve-2022-24894...