Vulnerabilities > Sensiolabs > Symfony > 2.7.39
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-03 | CVE-2018-14774 | Improper Input Validation vulnerability in Sensiolabs Symfony An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. | 7.2 |
| 2018-08-03 | CVE-2018-14773 | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. | 6.5 |
| 2018-06-13 | CVE-2018-11408 | Open Redirect vulnerability in multiple products The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. | 6.1 |
| 2018-06-13 | CVE-2018-11406 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.8 |
| 2018-06-13 | CVE-2018-11386 | Insufficient Session Expiration vulnerability in multiple products An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 5.9 |
| 2018-06-13 | CVE-2018-11385 | Session Fixation vulnerability in multiple products An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.1 |