CVSS: 7.5EPSS: 74%CPEs: 3EXPL: 1CVE-2024-50340 – Ability to change environment from query in symfony/runtime
https://notcve.org/view.php?id=CVE-2024-50340
06 Nov 2024 — symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known... • https://github.com/Nyamort/CVE-2024-50340 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50342 – Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
https://notcve.org/view.php?id=CVE-2024-50342
06 Nov 2024 — symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this ... • https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50343 – Incorrect response from Validator when input ends with `\n` in symfony/validator
https://notcve.org/view.php?id=CVE-2024-50343
06 Nov 2024 — symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f • CWE-20: Improper Input Validation •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50345 – Open redirect via browser-sanitized URLs in symfony/http-foundation
https://notcve.org/view.php?id=CVE-2024-50345
06 Nov 2024 — symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.... • https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51736 – Command execution hijack on Windows with Process class in symfony/process
https://notcve.org/view.php?id=CVE-2024-51736
06 Nov 2024 — Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23601 – CSRF token missing in Symfony
https://notcve.org/view.php?id=CVE-2022-23601
01 Feb 2022 — Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change ... • https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 2CVE-2017-18343
https://notcve.org/view.php?id=CVE-2017-18343
20 Jul 2018 — The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar ** EN DISPUTA ** El manipulador de depuración en Symfony, en versiones anteriores ... • https://github.com/barryvdh/laravel-debugbar/issues/850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-1902 – Debian Security Advisory 3588-1
https://notcve.org/view.php?id=CVE-2016-1902
30 May 2016 — The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. La función nextBytes en la clase SecureRandom en Symfony en versiones anteriores a 2.3.37, 2.6.x en versiones anteriores a 2.... • http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 0CVE-2016-4423 – Debian Security Advisory 3588-1
https://notcve.org/view.php?id=CVE-2016-4423
30 May 2016 — The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. La función attemptAuthentication en Component/Security/Http/Firewall/UsernamePa... • http://www.debian.org/security/2016/dsa-3588 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2012-5574 – Gentoo Linux Security Advisory 201405-25
https://notcve.org/view.php?id=CVE-2012-5574
18 Dec 2012 — lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. lib/form/sfForm.class.php en Symfony CMS anterior a v1.4.20 permite a atacantes remotos leer archivos de su elección a través de una petición de carga manipulada. A vulnerability in Symfony may allow remote attackers to read arbitrary files. Versions less than 1.4.20 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html • CWE-264: Permissions, Privileges, and Access Controls •