6.1
CVE-2018-19790
- EPSS 0.47%
- Veröffentlicht 18.12.2018 22:29:05
- Zuletzt bearbeitet 21.11.2024 03:58:33
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sensiolabs ≫ Symfony Version >= 2.7.0 < 2.7.50
Sensiolabs ≫ Symfony Version >= 2.8.0 < 2.8.49
Sensiolabs ≫ Symfony Version >= 3.0.0 < 3.4.20
Sensiolabs ≫ Symfony Version >= 4.0.0 < 4.0.15
Sensiolabs ≫ Symfony Version >= 4.1.0 < 4.1.9
Sensiolabs ≫ Symfony Version >= 4.2.0 < 4.2.1
Fedoraproject ≫ Fedora Version28
Debian ≫ Debian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.636 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.