Multiple vulnerabilities in Symfony


Published: 2019-12-02 | Updated: 2019-12-02
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CWE ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Symfony
Web applications / CMS

Vendor: SensioLabs

Security Notice

This security alert describes multiple issues in Symfony.

This bulletin will be updated soon with a detailed description of the vulnerabilities.

1) Permissions, Privileges, and Access Controls

Severity: Medium

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Vulnerable software versions

Symfony: 3.4.0, 3.4.0-1, 3.4.0-2, 3.4.0-3, 3.4.0-4, 3.4.01, 3.4.02, 3.4.03, 3.4.04, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.18, 3.4.19, 3.4.20, 3.4.21, 3.4.22, 3.4.23, 3.4.24, 3.4.25, 3.4.26, 3.4.27, 3.4.28, 3.4.29, 3.4.30, 3.4.31, 3.4.32, 3.4.33, 3.4.34, 3.4.35, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.4.0, 5.0.0

External links

https://symfony.com/blog/symfony-5-0-1-released
https://github.com/symfony/symfony/pull/34627
https://github.com/symfony/symfony/pull/34671
https://github.com/symfony/symfony/pull/34536
https://github.com/symfony/symfony/pull/34551

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
