SB2019110114 - Multiple vulnerabilities in SensioLabs Symfony


Published: November 1, 2019 Updated: July 17, 2020

Security Bulletin ID SB2019110114
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% (1 of 2), Low 50% (1 of 2)

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2013-4752)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Symfony 2.0.x before 2.0.24, 2.1.x before 2.1.12, 2.2.x before 2.2.5, and 2.3.x before 2.3.3 are affected by an issue in the HttpFoundation component: when the framework generates an absolute URL, it uses the value of the Host request header without validating it. A remote attacker who sends a request with a crafted Host header can therefore inject arbitrary content into the generated URL, and from there into the web page, redirect, or e-mail that embeds it, enabling cross-site scripting and related attacks. The attack only works when the web server forwards requests with arbitrary Host values to the application (for example, when the application is served from the default virtual host), which is a common configuration.
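The following PHP is an added illustration of the flaw described above and of the check that closes it; it is not Symfony's code (Symfony's own fix lives in the HttpFoundation Request class and is obtained by upgrading). The function names, the TRUSTED_HOSTS allow-list, and the request array are hypothetical and constructed for the example.

```php
<?php
// Added example, not Symfony's own code: a URL builder that trusts the Host
// header verbatim, beside one that validates the header against an allow-list.
// build_absolute_url_unsafe, build_absolute_url, is_trusted_host and
// TRUSTED_HOSTS are hypothetical names chosen for this illustration.

declare(strict_types=1);

// Hypothetical allow-list; a real deployment lists its own canonical hostnames.
const TRUSTED_HOSTS = ['example.com', 'www.example.com'];

// Returns true only if the Host header is a well-formed hostname (optional
// :port allowed) that appears in the allow-list.
function is_trusted_host(string $hostHeader): bool
{
    // Strip an optional trailing :port (IPv6 literals are out of scope here).
    $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
    // A hostname may only contain letters, digits, '-' and '.'; quotes, '<',
    // '>', '/' or whitespace mean the header is an injection attempt.
    if (!preg_match('/^[a-z0-9.-]+$/', $host)) {
        return false;
    }
    return in_array($host, TRUSTED_HOSTS, true);
}

// Vulnerable pattern: whatever the client sent as Host ends up in the URL.
function build_absolute_url_unsafe(array $server, string $path): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . $path;
}

// Hardened pattern: refuse to build a URL for a host we do not recognise.
function build_absolute_url(array $server, string $path): string
{
    $hostHeader = $server['HTTP_HOST'] ?? '';
    if (!is_trusted_host($hostHeader)) {
        throw new UnexpectedValueException('Untrusted Host header');
    }
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    // Safe to embed: the allow-list check above has already constrained the
    // characters to a hostname plus an optional numeric port.
    return $scheme . '://' . strtolower(trim($hostHeader)) . $path;
}

// Constructed request: the Host header carries a script tag instead of a hostname.
$poisoned = [
    'HTTPS'     => 'on',
    'HTTP_HOST' => 'example.com"><script>alert(1)</script><"',
];

// The unsafe builder embeds the payload in the generated URL; once that URL is
// written into a redirect, a <link rel="canonical">, or a password-reset mail,
// the attacker's markup or attacker-controlled host reaches the victim.
echo build_absolute_url_unsafe($poisoned, '/reset?token=abc'), PHP_EOL;

// The hardened builder rejects the same request.
try {
    build_absolute_url($poisoned, '/reset?token=abc');
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// A request for a listed host, with an explicit port, still succeeds.
echo build_absolute_url(['HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com:443'], '/reset?token=abc'), PHP_EOL;
```

Run it with `php host-header.php`. The important design choice is that validation happens before the header is used anywhere, not at output time: an absolute URL generated from a poisoned Host header is just as dangerous in a Location header or an e-mail body as in HTML, so output escaping alone does not fix this class of bug. For a Symfony deployment the equivalent measure is to upgrade to a fixed release and to configure the framework's list of trusted hosts, and, at the web-server layer, to avoid serving the application from a catch-all virtual host.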


2) Input validation error (CVE-ID: CVE-2013-4751)

The vulnerability allows a remote authenticated user to read and manipulate data.

The Symfony Validator component (php-symfony2-Validator) loses information during serialization.


Remediation

Install the update from the vendor's website: upgrade to Symfony 2.0.24, 2.1.12, 2.2.5, or 2.3.3 (or a later release of the corresponding branch), which contain the fixes for both issues.