10 matches found
XML External Entity (XXE) Injection
symfony/serializer is vulnerable to XML External Entity XXE injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection fl...
GHSA-MMCV-FVQ8-R9X3 Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system...
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system...
GHSA-J68W-PG49-F6VX Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system...
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
Command injection
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
Symfony2 Local File Disclosure
Exploit for php platform in category web applications Release Date. 05-Mar-2012 Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information Attack Vector. Remote without authentication...
Symfony 2 Unauthenticated Information Disclosure
Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information Attack Vector. Remote without...
Symfony2 - Local File Disclosure
Symfony2 - Local File Disclosure Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information...