
9 matches found

OSV
added 2022/05/14 1:22 a.m., 22 views

GHSA-G4RG-RW65-8HFG Symfony Session Fixation Vulnerability

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web...

CVSS 8.1, AI score 7.7, EPSS 0.02014
Exploits: 0, References: 15

GitHub Security Blog
added 2022/05/14 1:14 a.m., 26 views

Symfony DoS

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...

CVSS 5.9, AI score 6.7, EPSS 0.01607
Exploits: 0, References: 10, Affected Software: 2

OSV
added 2018/12/18 10:29 p.m., 22 views

CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictio...

CVSS 6.1, AI score 6.5, EPSS 0.01485
Exploits: 0, References: 8

UbuntuCve
added 2018/08/03 5:29 p.m., 34 views

CVE-2018-14773

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

CVSS 6.5, AI score 7, EPSS 0.58061
Exploits: 0, References: 2

Prion
added 2018/06/13 4:29 p.m., 22 views

Cross site request forgery (csrf)

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

CVSS 6.8, AI score 8.5, EPSS 0.00761
Exploits: 0, References: 5, Affected Software: 2

UbuntuCve
added 2018/06/13 4:29 p.m., 27 views

CVE-2018-11385

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web...

CVSS 8.1, AI score 7.2, EPSS 0.02014
Exploits: 0, References: 5

OSV
added 2018/06/13 4:29 p.m., 23 views

CVE-2018-11386

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...

CVSS 5.9, AI score 5.9, EPSS 0.01607
Exploits: 0, References: 5

CVE
added 2015/12/07 8:0 p.m., 79 views

CVE-2015-8125

CVE-2015-8125 affects Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7. It describes a potential remote timing-attack vulnerability in the Symfony Security Remember-Me service (PersistentTokenBasedRememberMeServices), the DigestAuthenticationListener, and the legacy CSRF i...

CVSS 7.5, AI score 6.8, EPSS 0.02545
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2015/12/07 8:0 p.m., 23 views

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...

AI score 6.2, EPSS 0.02712
Exploits: 1, References: 7