Symfony@6.0.0 Security Vulnerabilities and Issues — Symfony@6.0.0 CVE List

Lucene search

SensiolabsSymfony6.0.0

7 matches found

CVE•added 2023/02/03 10:15 p.m.•119 views

CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the AbstractSessionListener, the response m...

8.8CVSS6.9AI score0.001EPSS

CVE•added 2023/11/10 6:15 p.m.•102 views

CVE-2023-46734

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of ve...

6.1CVSS6.1AI score0.00989EPSS

CVE•added 2022/02/01 1:15 p.m.•101 views

CVE-2022-23601

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the F...

8.8CVSS8.3AI score0.00173EPSS

CVE•added 2023/02/03 10:15 p.m.•96 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables ...

8.8CVSS7.3AI score0.00018EPSS

CVE•added 2024/11/06 9:15 p.m.•59 views

CVE-2024-50345

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class t...

6.1CVSS3.4AI score0.0012EPSS

CVE•added 2023/11/10 6:15 p.m.•53 views

CVE-2023-46735

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any user-s...

6.1CVSS6.2AI score0.01936EPSS

CVE•added 2024/11/06 9:15 p.m.•52 views

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking....

9.8CVSS3.9AI score0.0024EPSS