CVE-2017-11365
CRITICAL9.8EPSS 0.36%Symfony Incorrect Access Control
發布日:2022/5/24修改日:2024/2/16
描述
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
受影響套件(3)
- Packagist/symfony/security>= 2.7.30, < 2.7.32
- Packagist/symfony/security-core>= 2.7.30, < 2.7.32
- Packagist/symfony/symfony>= 2.7.30, < 2.7.32
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-11365
- PATCHhttps://github.com/symfony/symfony
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
- WEBhttps://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
- WEBhttps://github.com/symfony/symfony/pull/23507
- WEBhttps://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
- WEBhttps://symfony.com/cve-2017-11365