Vulnerabilities > Symfony
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-09 | CVE-2024-45411 | Unspecified vulnerability in Symfony Twig. Twig is a template language for PHP. | 8.6 |
2023-09-11 | CVE-2023-41336 | Improper Input Validation vulnerability in Symfony UX Autocomplete. ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. | 6.5 |
2022-09-28 | CVE-2022-39261 | Path Traversal vulnerability in multiple products. Twig is a template language for PHP. | 7.5 |
2022-02-04 | CVE-2022-23614 | Code Injection vulnerability in multiple products. Twig is an open source template language for PHP. | 9.8 |
2019-03-23 | CVE-2019-9942 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 4.3 |
2018-07-10 | CVE-2018-13818 | Code Injection vulnerability in Symfony Twig. Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. | 9.8 |
2015-11-06 | CVE-2015-7809 | Permissions, Privileges, and Access Controls vulnerability in Symfony Twig. The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | 6.8 |
2001-12-31 | CVE-2001-1537 | Cleartext Storage of Sensitive Information vulnerability in Symfony Twig. The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | 7.5 |