symfony/mime Security Advisories for v4.3.5 (3)
-
CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
PKSA-2n2k-66v2-bwg3 CVE-2026-45067
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Reported by:
FriendsOfPHP/security-advisories -
CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names
PKSA-wtxr-p26d-nn42 CVE-2026-45070
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
PKSA-7y15-t1fp-w94f CVE-2019-18888 GHSA-xhh6-956q-4q69
Affected version: >=4.3.0,<4.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories