Vulnerabilities > Symfony

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-45411 Unspecified vulnerability in Symfony Twig
Twig is a template language for PHP.
network
low complexity
symfony
8.6
2023-09-11 CVE-2023-41336 Unspecified vulnerability in Symfony UX Autocomplete
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony.
network
low complexity
symfony
6.5
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
2022-02-04 CVE-2022-23614 Code Injection vulnerability in multiple products
Twig is an open source template language for PHP.
network
low complexity
symfony fedoraproject debian CWE-94
critical
9.8
2019-03-23 CVE-2019-9942 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
network
high complexity
symfony debian
3.7
2018-07-10 CVE-2018-13818 Code Injection vulnerability in Symfony Twig
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter.
network
low complexity
symfony CWE-94
critical
9.8
2001-12-31 CVE-2001-1537 Cleartext Storage of Sensitive Information vulnerability in Symfony Twig
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
network
low complexity
symfony CWE-312
7.5