symfony/symfony Security Advisories for v2.1.0-BETA4 (25)
-
[HIGH] CVE-2024-51736: Command execution hijack on Windows with Process class
PKSA-jdmc-h4p3-hds2 CVE-2024-51736 GHSA-qq5c-677p-737q
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] CVE-2024-50345: Open redirect via browser-sanitized URLs
PKSA-rb2q-qy38-2dj7 CVE-2024-50345 GHSA-mrqx-rp3w-jpjp
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] CVE-2024-50343: Incorrect response from Validator when input ends with ` `
PKSA-19z7-hn1j-mtcg CVE-2024-50343 GHSA-g3rh-rrhp-jhh9
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Symfony2 improper IP based access control
PKSA-hx88-8gq9-rm71 GHSA-hx53-jchx-cr52
Affected version: >=2.1.0,<2.1.4|>=2.0.0,<2.0.19
Reported by:
GitHub -
[MEDIUM] CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
PKSA-y38q-cfj7-gm5p CVE-2023-46734 GHSA-q847-2q57-wmr3
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.51|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-24895: Possible CSRF token fixation
PKSA-53qn-v9cx-yn6c CVE-2022-24895 GHSA-3gv2-29qc-v67m
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-24894: Prevent storing cookie headers in HttpCache
PKSA-x3kp-hpzz-4th3 CVE-2022-24894 GHSA-h7vf-5wrv-9fhv
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
PKSA-7c17-cdm2-nd4n CVE-2019-18888 GHSA-xhh6-956q-4q69
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2018-14773: Remove support for legacy and risky HTTP headers
PKSA-vh39-74ft-ywr6 CVE-2018-14773 GHSA-8wgj-6wx8-h5hq
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.49|>=2.8.0,<2.8.44|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.18|>=3.4.0,<3.4.14|>=4.0.0,<4.0.14|>=4.1.0,<4.1.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2018-11406: CSRF Token Fixation
PKSA-f442-tkzt-592s CVE-2018-11406 GHSA-g4g7-q726-v5hg
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2018-11386: Denial of service when using PDOSessionHandler
PKSA-pzzd-51qv-shqy CVE-2018-11386 GHSA-r2rq-3h56-fqm4
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2018-11385: Session Fixation Issue for Guard Authentication
PKSA-zzvm-fw3r-ytm8 CVE-2018-11385 GHSA-g4rg-rw65-8hfg
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Unsafe methods in the Request class
PKSA-34xp-pdgg-w7tn CVE-2015-2309 GHSA-p684-f7fh-jv2j
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Esi Code Injection
PKSA-vpvj-b7j9-94sm CVE-2015-2308 GHSA-5c58-w9xc-qcj9
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CSRF vulnerability in the Web Profiler
PKSA-v7yj-yq6g-yszs CVE-2014-6072 GHSA-v35g-4rrw-h4fw
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Direct access of ESI URLs behind a trusted proxy
PKSA-1twh-mycd-p72h CVE-2014-5245 GHSA-wvjv-p5rr-mmqm
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Security issue when parsing the Authorization header
PKSA-hy7b-fsc8-fztz CVE-2014-6061 GHSA-h7v2-2qwg-h829
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of service with a malicious HTTP Host header
PKSA-nvg8-cqm4-3ng3 CVE-2014-5244 GHSA-v77v-x634-9m56
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Code injection in the way Symfony implements translation caching in FrameworkBundle
PKSA-yjtb-frqz-q7xt CVE-2014-4931 GHSA-wfv7-5x33-v22h
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible DOS attack with long user-submitted passwords
PKSA-ctj8-t257-k4y8 CVE-2013-5958 GHSA-cr49-fx2v-9p57
Affected version: >=2.0.0,<2.0.25|>=2.1.0,<2.1.13|>=2.2.0,<2.2.9|>=2.3.0,<2.3.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Request::getHost() poisoning
PKSA-jqr2-4r5d-hkhp CVE-2013-4752 GHSA-22pv-7v9j-hqxp
Affected version: >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Validation metadata serialization and loss of information
PKSA-s5ck-wzp6-nx8m CVE-2013-4751 GHSA-q8j7-fjh7-25v5
Affected version: >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Ability to enable/disable object support in YAML parsing and dumping
PKSA-t2pc-z7zq-cy53 CVE-2013-1397 GHSA-7w53-hfpw-rg3g
Affected version: >=2.0.0,<2.0.22|>=2.1.0,<2.1.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Code execution vulnerability via the "internal" routes
PKSA-t64c-jyz9-v3bf CVE-2012-6432 GHSA-89cp-fvcc-hxh7
Affected version: >=2.0.0,<2.0.20|>=2.1.0,<2.1.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Request::getClientIp() when the trust proxy mode is enabled
PKSA-vxvj-dg88-zz9x GHSA-mmcv-fvq8-r9x3
Affected version: >=2.0.0,<2.0.19|>=2.1.0,<2.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories