symfony/symfony Security Advisories - Packagist

packagist symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard

Moderate

over 5 years ago

Exceptions displayed in non-debug configurations in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ODQtMjc5aC0zMnYy

packagist symfony/symfony, symfony/error-handler

Moderate

almost 6 years ago

User enumeration leak using switch user functionality in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn

packagist symfony/symfony, symfony/security-http

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

symfony/symfony

Symfony allows changing the environment through a query GSA_kwCzR0hTQS14OHZwLWdmNHEtbXc1as4ABBBb

Symfony2 improper IP based access control GSA_kwCzR0hTQS1oeDUzLWpjaHgtY3I1Ms4AA8ji

Symfony may allow a user to switch to using another user's identity GSA_kwCzR0hTQS03bXgyLTdxOHAtcGdtd84AA8jf

Symfony has unsafe methods in the Request class GSA_kwCzR0hTQS1wNjg0LWY3ZmgtanYyas4AA8jb

Symfony has a security issue when parsing the Authorization header GSA_kwCzR0hTQS1oN3YyLTJxd2ctaDgyOc4AA8ja

Symfony2 security issue when the trust proxy mode is enabled GSA_kwCzR0hTQS12Zm02LXIyZ2MtcHd3d84AA8jY

Symfony potential Cross-site Scripting in WebhookController GSA_kwCzR0hTQS03MngyLTVjODUtNndtcs4AA3Cz

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy

Symfony possible session fixation vulnerability GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx

Symfony storing cookie headers in HttpCache GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO

Symfony vulnerable to Session Fixation of CSRF tokens GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN

Symfony Access Control Vulnerability GSA_kwCzR0hTQS04OWNwLWZ2Y2MtaHhoN84AAfYj

Symfony Allows URI Restrictions Bypass Via Double-Encoded String GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs

Symfony Denial of Service Via Long Password Hashing GSA_kwCzR0hTQS1jcjQ5LWZ4MnYtOXA1N84AAd7g

Symfony Vulnerable to PHP Eval Injection GSA_kwCzR0hTQS01YzU4LXc5eGMtcWNqOc4AAc0N

Symfony Incorrect Access Control GSA_kwCzR0hTQS1xbXF3LW1wcXAtbXI1NM4AAcRE

Symfony SSRF Vulnerability via Form Component GSA_kwCzR0hTQS1jcXFoLTk0cjYtd2pyZ84AAV2m

Symfony Open Redirect GSA_kwCzR0hTQS04OXIyLTVnMzQtMmc0N84AATfR

Symfony CSRF Vulnerability GSA_kwCzR0hTQS05Mng2LWgyZ3ItOGd4cc4AASJF

Symfony HTTP Foundation web cache poisoning GSA_kwCzR0hTQS04d2dqLTZ3eDgtaDVocc3r4Q

CSV Injection in symfony/serializer GSA_kwCzR0hTQS0yeGhnLXcyZzUtdzk1eM0YGA

Cookie persistence after password changes in symfony/security-bundle GSA_kwCzR0hTQS1xdzM2LXA5N3ctdmNxcs0YFw

Webcache Poisoning in symfony/http-kernel GSA_kwCzR0hTQS1xM2ozLXczN3gtaHEycc0YFQ

Authentication granted to all firewalls instead of just one MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmY2YtbTY3bS1qY3Jx

Prevent user enumeration using Guard or the new Authenticator-based Security MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwdjgtcHB2ai00aDY4

Exceptions displayed in non-debug configurations in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ODQtMjc5aC0zMnYy

User enumeration leak using switch user functionality in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn

Filter by Severity