CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41270 – CSV Injection in Symfony
https://notcve.org/view.php?id=CVE-2021-41270
24 Nov 2021 — Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in t... • https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41267 – Webcache Poisoning in Symfony
https://notcve.org/view.php?id=CVE-2021-41267
24 Nov 2021 — Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to f... • https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41268 – Cookie persistence in Symfony
https://notcve.org/view.php?id=CVE-2021-41268
24 Nov 2021 — Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with version 5.3.12, Symfony makes the password p... • https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc • CWE-384: Session Fixation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32693 – Authentication granted with multiple firewalls
https://notcve.org/view.php?id=CVE-2021-32693
17 Jun 2021 — Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the app... • https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21424 – Prevent user enumeration using Guard or the new Authenticator-based Security
https://notcve.org/view.php?id=CVE-2021-21424
13 May 2021 — Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. Symfony es un framework PHP ... • https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •