3 matches found
CVE-2026-45074
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...
CVE-2026-45074
Symfony’s Cas2Handler derives the CAS service URL from Request::getSchemeAndHttpHost(), which uses the Host header when framework.trusted_hosts is not configured. An attacker controlling another app registered with the same CAS server can replay a victim’s CAS ticket and authenticate as that vict...
CVE-2026-45074
creationtimestamp| type| source ---|---|--- 2026-05-20 10:59:28+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbqschhar2o 2026-07-15 09:30:03+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqofvxlidr2d 2026-07-17 15:14:05+00:00| seen|...