CVE-2017-11365
CRITICAL 9.8 | EPSS 0.36% | Symfony Incorrect Access Control
Published: 5/24/2022 | Modified: 2/16/2024
Also known as: GHSA-q87v-q8fw-gmj5
Description
Certain Symfony products are affected by Incorrect Access Control. This affects Symfony 2.7.30, Symfony 2.8.23, Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is remote. The affected component is the Password validator.
Affected packages (3)
- Packagist/symfony/security: >= 2.7.30, < 2.7.32
- Packagist/symfony/security-core: >= 2.7.30, < 2.7.32
- Packagist/symfony/symfony: >= 2.7.30, < 2.7.32
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-11365
- PATCH: https://github.com/symfony/symfony
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
- WEB: https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
- WEB: https://github.com/symfony/symfony/pull/23507
- WEB: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
- WEB: https://symfony.com/cve-2017-11365