18 matches found
EUVD-2022-5068
Malicious code in bioql PyPI...
GHSA-R2RQ-3H56-FQM4 Symfony DoS
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
Symfony DoS
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
Fedora 28 : php-symfony (2018-eba0006df2)
Version 2.8.41 2018-05-25 - bug 27359 HttpFoundation Fix perf issue during MimeTypeGuesser intialization nicolas-grekas - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security...
Sensiolabs Symfony 2.7.x < 2.7.48, 2.8.x < 2.8.41, 3.3.x < 3.3.17, 3.4.x < 3.4.11, and 4.0.x < 4.0.11 Multiple Vulnerabilities
This host runs Symfony and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Fedora 27 : php-symfony (2018-2bdfc9dc67)
2.8.42 2018-06-25 - bug 27669 Filesystem fix file lock on SunOS fritzmg - bug 27309 Fix surrogate not using original request Toflar - bug 27630 ValidatorForm Remove BOM in some xlf files gautierderuette - bug 27591 VarDumper Fix dumping ArrayObject and ArrayIterator instances nicolas-grekas - bug...
Fedora 27 : php-symfony3 (2018-c8ddc44bbb)
3.3.17 2018-05-25 - security cve-2018-11407 Ldap cast to string when checking empty passwords - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security cve-2018-11385 migrating sessio...
UBUNTU-CVE-2018-11386
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
CVE-2018-11386
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
CVE-2018-11386
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
CVE-2018-11386
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
CVE-2018-11386
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...
Symfony 2.7.0 < 4.0.10 - Denial of Service Exploit
Exploit for php platform in category dos / poc The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An applicati...
Symfony 2.7.0 4.0.10 - Denial of Service
Symfony 2.7.0 4.0.10 - Denial of Service The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is...
Symfony 2.7.0 < 4.0.10 - Denial of Service
The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is vulnerable when: - It is using...
CVE-2018-11386: Denial of service when using PDOSessionHandler
More info at https://symfony.com/cve-2018-11386...
CVE-2018-11386: Denial of service when using PDOSessionHandler
More info at https://symfony.com/cve-2018-11386...
CVE-2018-11386: Denial of service when using PDOSessionHandler
Affected versions Symfony 2.7.0 to 2.7.47, 2.8.0 to 2.8.40, 3.3.0 to 3.3.16, 3.4.0 to 3.4.10, and 4.0.0 to 4.0.10 versions of the Symfony http-foundation component are affected by this security issue. The issue has been fixed in Symfony 2.7.48, 2.8.41, 3.3.17, 3.4.11, and 4.0.11. 4.1.0 has also...