pkg:Debian/symfony

所有已知漏洞

• CRITICAL9.8CVE-2018-11407Symfony Authentication Bypass
  from 0, < 3.4.12+dfsg-1
• CRITICAL9.8CVE-2016-2403symfony - security update
  from 0, < 2.8.7+dfsg-1.3+deb9u1
• CRITICAL9.8CVE-2016-2403symfony - security update
  from 0, < 2.8.6+dfsg-1
• CRITICAL9.8Improper Input Validation in Symfony
  from 0, < 4.3.8+dfsg-1
• CRITICAL9.8Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
  from 0, < 3.4.22+dfsg-2
• CRITICAL9.8Symfony Unsafe Cache Serialization Could Enable RCE
  from 0, < 4.3.8+dfsg-1
• CRITICAL9.8Symfony Service IDs Allow Injection
  from 0, < 3.4.22+dfsg-2
• HIGH8.8Symfony CSRF Token Fixation
  from 0, < 3.4.12+dfsg-1
• HIGH8.1Symfony Session Fixation Vulnerability
  from 0, < 3.4.12+dfsg-1
• HIGH8.1symfony - security update
  from 0, < 4.3.8+dfsg-1
• HIGH8.1symfony - security update
  from 0, < 2.8.7+dfsg-1.3+deb9u3
• HIGH8.0RCE in Symfony
  from 0, < 4.4.13+dfsg-1
• HIGH7.6Firewall configured with unanimous strategy was not actually unanimous in Symfony
  from 0, < 4.4.8-1
• HIGH7.5In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cas…
  from 0
• HIGH7.5symfony - security update
  from 0, < 5.4.23+dfsg-1+deb12u4
• HIGH7.5symfony - security update
  from 0, < 5.4.23+dfsg-1+deb12u4
• HIGH7.5Symphony Denial of Service Via Overlong Usernames
  from 0, < 2.8.6+dfsg-1
• HIGH7.5symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u3
• HIGH7.5symfony - security update
  from 0, < 2.7.9+dfsg-1
• HIGH7.5Symfony Directory Traversal
  from 0, < 3.4.0+dfsg-1
• HIGH7.5Improper authentication in Symfony
  from 0, < 3.4.22+dfsg-2
• HIGH7.5Argument injection in a MimeTypeGuesser in Symfony
  from 0, < 4.3.8+dfsg-1
• HIGH7.3Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
  from 0
• HIGH7.3symfony - security update
  from 0, < 5.4.23+dfsg-1+deb12u3
• HIGH7.3symfony - security update
  from 0, < 5.4.23+dfsg-1+deb12u3
• HIGH7.2Symfony Host Header Injection
  from 0, < 3.4.14+dfsg-1
• HIGH7.1Deserialization of untrusted data in Symfony
  from 0, < 3.4.22+dfsg-2
• MEDIUM6.5Symfony possible session fixation vulnerability
  from 0, < 5.4.23+dfsg-1+deb12u1
• MEDIUM6.5Symfony SSRF Vulnerability via Form Component
  from 0, < 3.4.0+dfsg-1
• MEDIUM6.5symfony - security update
  from 0, < 2.8.7+dfsg-1.3+deb9u2
• MEDIUM6.5symfony - security update
  from 0, < 3.4.14+dfsg-1
• MEDIUM6.5CSV Injection in symfony/serializer
  from 0, < 4.4.19+dfsg-2+deb11u1
• MEDIUM6.3Symfony vulnerable to Session Fixation of CSRF tokens
  from 0, < 4.4.19+dfsg-2+deb11u2
• MEDIUM6.1symfony - security update
  from 0, < 4.4.19+dfsg-2+deb11u4
• MEDIUM6.1symfony - security update
  from 0, < 3.4.22+dfsg-2+deb10u3
• MEDIUM6.1symfony - security update
  from 0, < 3.4.0+dfsg-1
• MEDIUM6.1symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u4
• MEDIUM6.1Symfony Open Redirect
  from 0, < 3.4.12+dfsg-1
• MEDIUM6.1Symfony Open Redirect
  from 0, < 3.4.20+dfsg-1
• MEDIUM6.1The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key dur…
  from 0, < 3.4.0+dfsg-1
• MEDIUM6.1Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitr…
  from 0, < 3.4.12+dfsg-1
• MEDIUM5.9Symfony storing cookie headers in HttpCache
  from 0, < 4.4.19+dfsg-2+deb11u2
• MEDIUM5.9Symfony DoS
  from 0, < 3.4.12+dfsg-1
• MEDIUM5.9Symfony CSRF Vulnerability
  from 0, < 3.4.0+dfsg-1
• MEDIUM5.4symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u5
• MEDIUM5.4symfony - security update
  from 0, < 3.4.22+dfsg-2
• MEDIUM5.3Symfony has unsafe methods in the Request class
  from 0, < 2.3.21+dfsg-4
• MEDIUM5.3Symfony Path Disclosure
  from 0, < 3.4.20+dfsg-1
• MEDIUM5.3symfony - security update
  from 0, < 4.4.19+dfsg-2
• MEDIUM5.3symfony - security update
  from 0, < 3.4.22+dfsg-2+deb10u2
• MEDIUM5.3symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u6
• MEDIUM5.3symfony - security update
  from 0, < 4.3.8+dfsg-1
• MEDIUM4.6Exceptions displayed in non-debug configurations in Symfony
  from 0, < 4.4.8-1
• LOW3.1Symfony vulnerable to open redirect via browser-sanitized URLs
  from 0, < 4.4.19+dfsg-2+deb11u7
• LOW3.1symfony - security update
  from 0, < 4.4.19+dfsg-2+deb11u7
• LOW3.1symfony - security update
  from 0, < 4.4.19+dfsg-2+deb11u7
• LOW3.1Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
  from 0, < 5.4.23+dfsg-1+deb12u3
• LOW3.1Symfony's `Security::login` does not take into account custom `user_checker`
  from 0, < 6.4.10+dfsg-1
• LOW3.1symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u2
• LOW3.1symfony - security update
  from 0, < 2.7.7+dfsg-1
• LOW2.6Prevent cache poisoning via a Response Content-Type header in Symfony
  from 0, < 4.4.8-1
• —Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
  from 0
• —Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
  from 0
• —Symfony hardened the parser when handling untrusted input
  from 0
• —Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
  from 0
• —Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
  from 0, < 7.4.12+dfsg-1
• —Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
  from 0, < 7.4.12+dfsg-1
• —Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
  from 0
• —Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
  from 0
• —Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
  from 0
• —Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
  from 0
• —Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
  from 0
• —Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
  from 0
• —Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
  from 0
• —Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
  from 0
• —Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
  from 0
• —(無摘要)
  from 0
• —(無摘要)
  from 0
• —(無摘要)
  from 0
• —(無摘要)
  from 0
• —(無摘要)
  from 0
• —(無摘要)
  from 0
• —Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
  from 0
• —Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
  from 0
• —Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
  from 0, < 7.4.12+dfsg-1
• —Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
  from 0
• —Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
  from 0
• —Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
  from 0, < 7.4.12+dfsg-1
• —(無摘要)
  from 0
• —Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
  from 0
• —Symfony Vulnerable to PHP Eval Injection
  from 0, < 2.3.21+dfsg-4
• —Symfony Vulnerable to Timing Attack
  from 0, < 2.7.7+dfsg-1
• —symfony - security update
  from 0, < 2.3.21+dfsg-4+deb8u1
• —symfony - security update
  from 0, < 2.7.0~beta2+dfsg-2
• —Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests…
  from 0, < 1.0.21-1.1
• —asterisk - several vulnerabilities
  from 0, < 1.0.21-1.1