Lucene search

Sensiolabs Symfony 4.4.0

4 matches found

CVE
added 2020/09/02 6:15 p.m. | 103 views

CVE-2020-15094

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially w...

8.8 CVSS | 8.4 AI score | 0.02248 EPSS

CVE
added 2020/03/30 8:15 p.m. | 102 views

CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the re...

4.3 CVSS | 4.5 AI score | 0.00374 EPSS

CVE
added 2020/03/30 8:15 p.m. | 100 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the st...

5.5 CVSS | 4.7 AI score | 0.00267 EPSS

CVE
added 2020/03/30 8:15 p.m. | 93 views

CVE-2020-5275

In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take i...

8.1 CVSS | 7.6 AI score | 0.00274 EPSS