2 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow...
XML Entity Expansion (XEE)
symfony/dependency-injection is vulnerable to XML Entity Expansion XEE . The vulnerability is due to XML Entity Expansion XEE attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks QBA, allowing long entities to create a memory sink for Denial of Service attacks on R...