Vulnerabilities > Sensiolabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-21 | CVE-2019-18886 | Information Exposure vulnerability in Sensiolabs Symfony An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. | 5.0 |
| 2019-11-01 | CVE-2013-4751 | Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization | 4.9 |
| 2019-05-23 | CVE-2017-11365 | Improper Access Control vulnerability in Sensiolabs Symfony Certain Symfony products are affected by: Incorrect Access Control. | 7.5 |
| 2019-05-16 | CVE-2019-10913 | Cross-site Scripting vulnerability in Sensiolabs Symfony In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. | 7.5 |
| 2019-05-16 | CVE-2019-10912 | Deserialization of Untrusted Data vulnerability in Sensiolabs Symfony In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. | 7.1 |
| 2019-05-16 | CVE-2019-10911 | Improper Authentication vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. | 6.0 |
| 2019-05-16 | CVE-2019-10910 | SQL Injection vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. | 7.5 |
| 2019-05-16 | CVE-2019-10909 | Cross-site Scripting vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. | 3.5 |
| 2018-12-18 | CVE-2018-19790 | Open Redirect vulnerability in multiple products An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. | 6.1 |
| 2018-12-18 | CVE-2018-19789 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. | 5.3 |