Cross-site request forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the...
@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)
bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....
A vulnerability in the Form component of the Symfony PHP framework allows attackers to disclose sensitive information that should be protected.
The vulnerability in the Form component of the Symfony PHP framework exists because of insufficient validation of input data. Exploiting it allows an attacker to disclose sensitive information by sending a specially crafted HTTP request,...
UBUNTU-CVE-2017-16790
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...
DEBIAN-CVE-2017-16790
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...
Timing Attack
symfony/form is vulnerable to timing attacks. The library is vulnerable because it does not compare CSRF tokens in constant time, which allows malicious users to use the timing of the request to progressively identify a valid token...
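The two CSRF entries above describe the same mechanism from opposite sides: a random token stored in the session and echoed back in the form (the first entry), and the comparison of that token on submit, which must be constant-time (this entry). The following is an added example written for this page, not Symfony's own code: a minimal token manager with the session modelled as a plain array passed by reference, showing a plain `===` comparison as the non-constant-time variant beside the `hash_equals()` fix. The class and method names are this example's own.

```php
<?php
declare(strict_types=1);

// Added illustration, not Symfony's code: a minimal CSRF token manager of the
// kind described above (random per-form token kept in the session, checked on
// submit). The session is an array passed by reference so this runs without a
// real PHP session; class and method names are this example's own.

final class CsrfTokenManager
{
    private const SESSION_KEY = '_csrf';

    /** @var array<string,mixed> */
    private array $session;

    /** @param array<string,mixed> $session session storage (here: a plain array) */
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    /** Return the token for $formId, creating a fresh random one on first use. */
    public function getToken(string $formId): string
    {
        if (!isset($this->session[self::SESSION_KEY][$formId])) {
            // 32 bytes from the CSPRNG, hex-encoded for safe embedding in HTML.
            $this->session[self::SESSION_KEY][$formId] = bin2hex(random_bytes(32));
        }
        return $this->session[self::SESSION_KEY][$formId];
    }

    /** Hidden input to embed in the rendered form. */
    public function hiddenField(string $formId): string
    {
        return sprintf('<input type="hidden" name="_token" value="%s">',
            htmlspecialchars($this->getToken($formId), ENT_QUOTES, 'UTF-8'));
    }

    /**
     * VULNERABLE: === checks the length, then compares bytes with memcmp(),
     * which may stop at the first differing byte, so the response time depends
     * on how many leading bytes of the guess were right. This stands in for
     * the non-constant-time comparison the advisory describes.
     */
    public function isTokenValidVulnerable(string $formId, ?string $submitted): bool
    {
        $stored = $this->session[self::SESSION_KEY][$formId] ?? null;
        return $stored !== null && $submitted !== null && $stored === $submitted;
    }

    /** FIXED: hash_equals() takes the same time whatever the mismatch position. */
    public function isTokenValid(string $formId, ?string $submitted): bool
    {
        $stored = $this->session[self::SESSION_KEY][$formId] ?? null;
        if ($stored === null || $submitted === null) {
            return false;
        }
        // Known value first: hash_equals() only leaks the length of its first argument.
        return hash_equals($stored, $submitted);
    }

    /** Remove a token, e.g. once a submission has been accepted (design choice of this example). */
    public function removeToken(string $formId): void
    {
        unset($this->session[self::SESSION_KEY][$formId]);
    }
}

// Constructed round trip: render the form, then check a forged and a genuine submission.
$session = [];
$csrf = new CsrfTokenManager($session);

echo $csrf->hiddenField('contact'), PHP_EOL;

$forged  = str_repeat('0', 64);          // attacker's guess, same length as a real token
$genuine = $csrf->getToken('contact');   // value the browser posts back from the hidden field

var_dump($csrf->isTokenValid('contact', $forged));   // forged token must be rejected
var_dump($csrf->isTokenValid('contact', $genuine));  // genuine token is accepted

$csrf->removeToken('contact');
var_dump($csrf->isTokenValid('contact', $genuine));  // rejected once the token is gone
```

Over a network the per-request signal from a `memcmp()` early exit is small and noisy, which is why these advisories carry low severity, but the fix costs one line and removes the question entirely. Keep the known token as the first argument to `hash_equals()`, and never shorten or fall back to `==`, which would also reintroduce PHP's loose numeric-string comparison.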
CVE-2017-16790: Ensure that submitted data are uploaded files
Affected versions: Symfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. Note that no fixes are provide...
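The three CVE-2017-16790 entries above describe the root cause (the request handler merges POST data and uploaded-file data into one array, after which a field's value carries no record of where it came from) and the fix ("ensure that submitted data are uploaded files"). The following added example, written for this page and not Symfony's request handler, reproduces that shape in plain PHP: a string posted under a file field's name is bound as though it were a file in the vulnerable binding, and rejected with a form error in the fixed one. The `UploadedFile`, `FormError`, `mergeSubmittedData` and `bindFileField*` names are this example's own, and the request data is constructed inline.

```php
<?php
declare(strict_types=1);

// Added illustration of the flaw and fix described in CVE-2017-16790. This is
// not Symfony's request handler; the class and function names are invented for
// this example. Genuine $_FILES entries are normalised into UploadedFile objects;
// anything else that reaches a file field is rejected by the fixed binding.

final class UploadedFile
{
    public function __construct(
        public readonly string $tmpPath,
        public readonly string $clientName,
        public readonly int $error,
    ) {}
}

final class FormError
{
    public function __construct(public readonly string $message) {}
}

/** Build UploadedFile objects from a $_FILES-shaped array (flat, single-file fields). */
function normaliseFiles(array $files): array
{
    $out = [];
    foreach ($files as $name => $info) {
        if (!is_array($info) || !isset($info['tmp_name'], $info['name'], $info['error'])) {
            continue;
        }
        if ((int) $info['error'] === UPLOAD_ERR_NO_FILE) {
            continue;
        }
        $out[$name] = new UploadedFile((string) $info['tmp_name'], (string) $info['name'], (int) $info['error']);
    }
    return $out;
}

/** The step the advisory describes: POST data and file data end up in one array. */
function mergeSubmittedData(array $post, array $files): array
{
    // After this merge a posted string and a real upload are indistinguishable by origin.
    return array_replace_recursive($post, normaliseFiles($files));
}

/** VULNERABLE binding: a file field accepts whatever value arrived under its name. */
function bindFileFieldVulnerable(array $data, string $field): UploadedFile|SplFileInfo|null
{
    $value = $data[$field] ?? null;
    if ($value instanceof UploadedFile) {
        return $value;
    }
    if (is_string($value) && $value !== '') {
        // Turning an attacker-controlled string into a local file reference is the bug:
        // whatever the application does next (copy, move, serve) acts on a server path.
        return new SplFileInfo($value);
    }
    return null;
}

/** FIXED binding: only a genuine, successful upload is accepted; anything else is a form error. */
function bindFileField(array $data, string $field): UploadedFile|FormError|null
{
    $value = $data[$field] ?? null;
    if ($value === null || $value === '') {
        return null;
    }
    if (!$value instanceof UploadedFile) {
        return new FormError(sprintf('Field "%s": submitted data is not an uploaded file.', $field));
    }
    if ($value->error !== UPLOAD_ERR_OK) {
        return new FormError(sprintf('Field "%s": upload failed with error code %d.', $field, $value->error));
    }
    return $value;
}

// Constructed request: no multipart upload at all, but a path is posted under the file field's name.
$post  = ['title' => 'report', 'document' => '/etc/passwd'];
$files = [];
$data  = mergeSubmittedData($post, $files);

$before = bindFileFieldVulnerable($data, 'document');
$after  = bindFileField($data, 'document');

echo 'vulnerable: ', $before instanceof SplFileInfo ? 'bound server path ' . $before->getPathname() : 'nothing bound', PHP_EOL;
echo 'fixed:      ', $after instanceof FormError ? $after->message : 'accepted', PHP_EOL;

// Constructed genuine upload: the fixed binding accepts it.
$files = ['document' => ['tmp_name' => '/tmp/phpAbC123', 'name' => 'report.pdf',
                         'error' => UPLOAD_ERR_OK, 'size' => 1024, 'type' => 'application/pdf']];
$ok = bindFileField(mergeSubmittedData(['title' => 'report'], $files), 'document');
echo 'fixed, real upload: ', $ok instanceof UploadedFile ? 'accepted ' . $ok->clientName : 'rejected', PHP_EOL;
```

The check belongs in the binding layer, not in each controller: once the merged array is the only thing the form sees, the type of the value is the only evidence left of its origin, so the binding must insist on an `UploadedFile` (and a successful `error` code) before any later step treats the value as a file on disk.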
UBUNTU-CVE-2015-8125
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...