Lucene search
K

5 matches found

OSV
OSV
added 2021/11/24 9:1 p.m.30 views

GHSA-2XHG-W2G5-W95X CSV Injection in symfony/serializer

Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...

6.5CVSS6.1AI score0.01355EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2021/11/24 9:1 p.m.45 views

CSV Injection in symfony/serializer

Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...

6.5CVSS1.4AI score0.01355EPSS
Exploits0References13Affected Software2
Symfony
Symfony
added 2021/11/24 12:0 a.m.38 views

CVE-2021-41270: Prevent CSV Injection via formulas

Description CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we've added the...

6.5CVSS6.2AI score0.01355EPSS
Exploits0
Symfony
Symfony
added 2019/04/17 12:0 a.m.73 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

Affected versions Symfony 2.8.0 to 2.8.49, 3.4.0 to 3.4.25, 4.1.0 to 4.1.11 and 4.2.0 to 4.2.6 versions of the Symfony Cache component are affected by this security issue. The issue has been fixed in Symfony 2.8.50, 3.4.26, 4.1.12 and 4.2.7. Note that no fixes are provided for Symfony 3.0, 3.1,...

7.1CVSS6.8AI score0.02302EPSS
Exploits0
OSV
OSV
added 2018/12/18 10:29 p.m.24 views

CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...

6.1CVSS6.5AI score0.01485EPSS
Exploits0References8
Rows per page
Query Builder