Lucene search
K

8 matches found

CVE
CVE
added 2 days ago90 views

CVE-2026-45067

The CVE affects Symfony MIME Address: the constructor previously accepted local-parts like "x\r\nBcc: attacker@evil" which could be emitted into message headers and SMTP commands (MAIL FROM/RCPT), enabling CRLF injection. The issue’s root cause is acceptance of line breaks in quoted local-parts; ...

6.3CVSS6.1AI score0.00619EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 8:42 p.m.8 views

GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

7.1CVSS5.8AI score0.00619EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/20 3:35 p.m.12 views

CRLF Injection

Overview symfony/mime is a library to manipulate MIME messages. Affected versions of this package are vulnerable to CRLF Injection due to improperly validating user input specifically carriage return and line feed bytes within the Symfony\Component\Mime\Address constructor. The constructor accept...

6.3CVSS5.8AI score0.00619EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.13 views

CRLF Injection

Overview symfony/mime is a library to manipulate MIME messages. Affected versions of this package are vulnerable to CRLF Injection via Non-Token Characters in Mime Parameter Names. A caller that derives a parameter name from untrusted input, e.g. an application that lets a user influence a...

6.5CVSS5.8AI score0.00448EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2019-18888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidat...

7.5CVSS7.4AI score0.02248EPSS
Exploits0References2
OSV
OSV
added 2019/11/21 11:15 p.m.8 views

UBUNTU-CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5CVSS7.2AI score0.02248EPSS
Exploits0References5
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

6.3CVSS5.8AI score0.00619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

6.3CVSS5.8AI score0.00619EPSS
Exploits0Affected Software1
Rows per page
Query Builder