Symfony Security Vulnerabilities and Issues — Symfony CVE List

Lucene search

SensiolabsSymfony

3 matches found

CVE•added 2020/03/30 8:15 p.m.•101 views

CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the re...

4.3CVSS4.5AI score0.00374EPSS

CVE•added 2020/03/30 8:15 p.m.•99 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the st...

5.5CVSS4.7AI score0.00267EPSS

CVE•added 2020/03/30 8:15 p.m.•91 views

CVE-2020-5275

In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take i...

8.1CVSS7.6AI score0.00274EPSS