CVE-2018-11408
MEDIUM 6.1 | EPSS 0.31% | Symfony Open Redirect
Published: 2022/5/14 | Modified: 2026/5/27
Description
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
Affected packages (3)
- Debian/symfony: from 0, < 3.4.12+dfsg-1
- Packagist/symfony/security-bundle: >= 2.7.0, < 2.7.48
- Packagist/symfony/symfony: >= 2.7.0, < 2.7.48
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (12)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-11408
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2018-11408
- PATCH: https://github.com/symfony/symfony
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
- WEB: https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
- WEB: https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
- WEB: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
- WEB: https://symfony.com/cve-2018-11408