Vulnerabilities > Sensiolabs > Symfony > 2.7.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-06 | CVE-2017-16790 | Improper Input Validation vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 6.5 |
2018-08-06 | CVE-2017-16654 | Path Traversal vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 7.5 |
2018-08-06 | CVE-2017-16653 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 5.9 |
2018-08-03 | CVE-2018-14774 | Improper Input Validation vulnerability in Sensiolabs Symfony An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. | 7.2 |
2018-08-03 | CVE-2018-14773 | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. | 6.5 |
2018-07-20 | CVE-2017-18343 | Cross-site Scripting vulnerability in Sensiolabs Symfony The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. | 6.1 |
2018-06-13 | CVE-2018-11408 | Open Redirect vulnerability in multiple products The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. | 6.1 |
2018-06-13 | CVE-2018-11406 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.8 |
2018-06-13 | CVE-2018-11386 | Insufficient Session Expiration vulnerability in multiple products An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 5.9 |
2018-06-13 | CVE-2018-11385 | Session Fixation vulnerability in multiple products An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.1 |