Sensiolabs Symfony 5.0.0

8 matches found

CVE
added 2023/02/03 10:15 p.m. | 119 views

CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the AbstractSessionListener, the response m...

8.8 CVSS | 6.9 AI score | 0.001 EPSS

CVE
added 2021/05/13 4:15 p.m. | 107 views

CVE-2021-21424

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We...

5.3 CVSS | 5.5 AI score | 0.00281 EPSS

CVE
added 2020/03/30 8:15 p.m. | 102 views

CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the re...

4.3 CVSS | 4.5 AI score | 0.00374 EPSS

CVE
added 2023/11/10 6:15 p.m. | 102 views

CVE-2023-46734

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of ve...

6.1 CVSS | 6.1 AI score | 0.00989 EPSS

CVE
added 2020/03/30 8:15 p.m. | 100 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the st...

5.5 CVSS | 4.7 AI score | 0.00267 EPSS

CVE
added 2023/02/03 10:15 p.m. | 96 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable ...

8.8 CVSS | 7.3 AI score | 0.00018 EPSS

CVE
added 2020/03/30 8:15 p.m. | 93 views

CVE-2020-5275

In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take i...

8.1 CVSS | 7.6 AI score | 0.00274 EPSS

CVE
added 2021/11/24 7:15 p.m. | 90 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula i...

6.5 CVSS | 6.5 AI score | 0.00871 EPSS