Vulnerabilities > Sensiolabs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-5255 | Improper Input Validation vulnerability in Sensiolabs Symfony In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. | 4.3 |
| 2020-01-02 | CVE-2013-4752 | Cross-site Scripting vulnerability in multiple products Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. | 4.3 |
| 2019-11-21 | CVE-2019-18886 | Information Exposure vulnerability in Sensiolabs Symfony An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. | 5.0 |
| 2019-11-01 | CVE-2013-4751 | Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization | 4.9 |
| 2019-05-16 | CVE-2019-10911 | Improper Authentication vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. | 6.0 |
| 2018-12-18 | CVE-2018-19790 | Open Redirect vulnerability in multiple products An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. | 6.1 |
| 2018-12-18 | CVE-2018-19789 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. | 5.3 |
| 2018-08-06 | CVE-2017-16790 | Improper Input Validation vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 4.0 |
| 2018-08-06 | CVE-2017-16654 | Path Traversal vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 5.0 |
| 2018-08-06 | CVE-2017-16653 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 4.3 |