Multiple vulnerabilities in Symfony

Published: 2019-12-02 | Updated: 2019-12-02
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CWE ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Symfony
Vendor: SensioLabs

Security Notice

This security alert describes multiple issues in Symfony.

This bulletin will be updated soon with a detailed description of the vulnerabilities.

1) Permissions, Privileges, and Access Controls

Severity: Medium

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Vulnerable software versions

Symfony: 3.4.0, 3.4.0-1, 3.4.0-2, 3.4.0-3, 3.4.0-4, 3.4.01, 3.4.02, 3.4.03, 3.4.04, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.18, 3.4.19, 3.4.20, 3.4.21, 3.4.22, 3.4.23, 3.4.24, 3.4.25, 3.4.26, 3.4.27, 3.4.28, 3.4.29, 3.4.30, 3.4.31, 3.4.32, 3.4.33, 3.4.34, 3.4.35, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.4.0, 5.0.0

External links

https://symfony.com/blog/symfony-5-0-1-released

https://github.com/symfony/symfony/pull/34627

https://github.com/symfony/symfony/pull/34671

https://github.com/symfony/symfony/pull/34536

https://github.com/symfony/symfony/pull/34551


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


