Vulnerabilities > Sensiolabs > Symfony > 2.8.39

DATE CVE VULNERABILITY TITLE RISK
2018-12-18 CVE-2018-19789 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1.
network
low complexity
sensiolabs debian CWE-434
5.3
5.3
2018-08-03 CVE-2018-14774 Improper Input Validation vulnerability in Sensiolabs Symfony
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.
network
low complexity
sensiolabs CWE-20
5.0
5.0
2018-08-03 CVE-2018-14773 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.
network
low complexity
sensiolabs debian drupal
4.0
4.0
2018-06-13 CVE-2018-11408 Open Redirect vulnerability in multiple products
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.
network
low complexity
sensiolabs debian CWE-601
6.1
6.1
2018-06-13 CVE-2018-11406 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
low complexity
sensiolabs debian CWE-352
8.8
8.8
2018-06-13 CVE-2018-11386 Insufficient Session Expiration vulnerability in multiple products
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian CWE-613
5.9
5.9
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1