2 matches found
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...
PT-2020-14179 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.13 Symfony versions prior to 5.1.5 Description: The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval...