CVE-2024-51736
- EPSS 0.24%
- Veröffentlicht 06.11.2024 21:15:06
- Zuletzt bearbeitet 04.09.2025 16:08:00
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when prepar...
CVE-2024-50345
- EPSS 0.12%
- Veröffentlicht 06.11.2024 21:15:06
- Zuletzt bearbeitet 04.09.2025 16:09:49
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker c...
CVE-2024-50340
- EPSS 84.2%
- Veröffentlicht 06.11.2024 21:15:05
- Zuletzt bearbeitet 08.11.2024 19:01:25
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are ...
CVE-2023-46735
- EPSS 1.94%
- Veröffentlicht 10.11.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:29:11
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3...
CVE-2023-46734
- EPSS 0.99%
- Veröffentlicht 10.11.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:29:11
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but ...
CVE-2023-46733
- EPSS 0.81%
- Veröffentlicht 10.11.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:29:11
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every success...
CVE-2022-24895
- EPSS 0.02%
- Veröffentlicht 03.02.2023 22:15:11
- Zuletzt bearbeitet 13.02.2025 17:15:38
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not ...
CVE-2022-24894
- EPSS 0.12%
- Veröffentlicht 03.02.2023 22:15:10
- Zuletzt bearbeitet 10.04.2025 20:54:30
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent chan...
CVE-2022-23601
- EPSS 0.17%
- Veröffentlicht 01.02.2022 13:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:54
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control ...
- EPSS 0.87%
- Veröffentlicht 24.11.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:56
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vul...