
12 matches found

Nuclei
added 8 hours ago · 6 views

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

Symfony HttpFoundation component >= 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATH_INFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...

7.3 CVSS · 7.1 AI score · 0.06307 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2025/11/13 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-64500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented...

7.3 CVSS · 7.1 AI score · 0.06307 EPSS
Exploits: 0 · References: 3
Snyk
added 2025/11/12 1:41 p.m. · 1 views

Incorrect Authorization

Overview: symfony/http-foundation is a component that defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Incorrect Authorization due to the Request class improperly interpreting some PATH_INFO in a way that leads to representing some URLs wit...

7.3 CVSS · 7 AI score · 0.06307 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-5068

Malicious code in bioql PyPI...

5.9 CVSS · 7.2 AI score · 0.01086 EPSS
Exploits: 0 · References: 13
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-14773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through...

6.5 CVSS · 7.4 AI score · 0.16652 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/29 12:0 a.m. · 5 views

PT-2024-34155 · Symfony +5 · Symfony Httpfoundation +5

Name of the Vulnerable Software and Affected Versions: symfony/http-foundation versions prior to 5.4.46; symfony/http-foundation versions prior to 6.4.14; symfony/http-foundation versions prior to 7.1.7. Description: The Request class in symfony/http-foundation does not parse URI with special...

8.8 CVSS · 6.4 AI score · 0.88664 EPSS
Exploits: 2 · References: 57
Positive Technologies
added 2024/05/30 12:0 a.m. · 2 views

PT-2024-10558 · Symfony · Symfony Httpfoundation

Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.5.X. Description: The issue arises when an application uses HTTP basic or digest authentication, and the Authorization header is not parsed properly by Symfony, potentially allowing...

5.3 CVSS · 7.6 AI score
Exploits: 0 · References: 6
Positive Technologies
added 2024/05/30 12:0 a.m. · 2 views

PT-2024-10555 · Symfony · Symfony Httpfoundation

Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.5.X. Description: This issue allows for a Denial of Service (DoS) attack when an arbitrarily long hostname is sent by a client. The parsing of the hostname in the Request::getHost functio...

7.5 CVSS · 7.2 AI score
Exploits: 0 · References: 7
IBM Security Bulletins
added 2018/08/23 4:19 p.m. · 21 views

Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)

Summary: IBM API Connect has fixed the following vulnerability. API Connect is impacted by vulnerabilities addressed in the Drupal 8 advisory https://www.drupal.org/SA-CORE-2018-005. Vulnerability Details: CVEID: CVE-2018-14773. DESCRIPTION: Drupal Core could allow a remote attacker to bypass securit...

6.5 CVSS · 0.8 AI score · 0.16652 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2018/08/03 5:29 p.m. · 1 views

DEBIAN-CVE-2018-14773

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

6.5 CVSS · 7 AI score · 0.16652 EPSS
Exploits: 0 · References: 1
The Hacker News
added 2018/08/03 11:13 a.m. · 2 views

Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers—Patch Now

It's time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as...

6.5 CVSS · 8.7 AI score · 0.16652 EPSS
Exploits: 0
Symfony
added 2015/04/01 12:0 a.m. · 38 views

CVE-2015-2309: Unsafe methods in the Request class

Affected Versions: All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as the...

6 AI score
Exploits: 0