CVE-2024-28861
- EPSS 1.04%
- Published 22.03.2024 17:15:07
- Last modified 21.11.2024 09:07:03
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder`...
- EPSS 1.97%
- Published 15.03.2024 23:15:08
- Last modified 21.11.2024 09:07:03
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attack...
- EPSS 0.47%
- Published 25.09.2013 10:31:29
- Last modified 11.04.2025 00:51:21
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 c...