Vulnerabilities > Sensiolabs > Symfony > 2.2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-27 | CVE-2013-5958 | Resource Management Errors vulnerability in Sensiolabs Symfony The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. | 5.0 |
2014-06-02 | CVE-2013-1397 | Code Injection vulnerability in Sensiolabs Symfony Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | 7.5 |