Improper Authorization

Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim's session...

Design/Logic Flaw

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

CVE-2022-24894 Symfony storing cookie headers in HttpCache

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...