Vulnerabilities > Sensiolabs > Symfony > 3.4.24

DATE CVE VULNERABILITY TITLE RISK
2019-05-16 CVE-2019-10911 Improper Authentication vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
network
high complexity
sensiolabs drupal CWE-287
7.5
7.5
2019-05-16 CVE-2019-10910 SQL Injection vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution.
network
low complexity
sensiolabs drupal CWE-89
critical
 9.8
9.8
2019-05-16 CVE-2019-10909 Cross-site Scripting vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.
network
low complexity
sensiolabs drupal CWE-79
5.4
5.4