5 matches found

CVE | added 2022/02/01 1:15 p.m. | 101 views

CVE-2022-23601

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the F...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00173

CVE | added 2018/06/13 4:29 p.m. | 84 views

CVE-2017-16652

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is pe...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00222

CVE | added 2018/07/20 12:29 a.m. | 60 views

CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulner...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00504
Web
CVE | added 2024/11/06 9:15 p.m. | 59 views

CVE-2024-50345

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class t...

CVSS: 6.1 | AI score: 3.4 | EPSS: 0.0012

CVE | added 2024/11/06 9:15 p.m. | 52 views

CVE-2024-51736

Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking....

CVSS: 9.8 | AI score: 3.9 | EPSS: 0.0024