Vulnerabilities > Symfony
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-09 | CVE-2024-45411 | Unspecified vulnerability in Symfony Twig Twig is a template language for PHP. | 8.6 |
2023-09-11 | CVE-2023-41336 | Unspecified vulnerability in Symfony UX Autocomplete ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. | 6.5 |
2022-09-28 | CVE-2022-39261 | Path Traversal vulnerability in multiple products Twig is a template language for PHP. | 7.5 |
2022-02-04 | CVE-2022-23614 | Code Injection vulnerability in multiple products Twig is an open source template language for PHP. | 9.8 |
2019-03-23 | CVE-2019-9942 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 3.7 |
2018-07-10 | CVE-2018-13818 | Code Injection vulnerability in Symfony Twig Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. | 9.8 |
2001-12-31 | CVE-2001-1537 | Cleartext Storage of Sensitive Information vulnerability in Symfony Twig The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | 7.5 |