Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Symfony
(Sensiolabs)Repositories | https://github.com/symfony/symfony |
#Vulnerabilities | 57 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-06-02 | CVE-2013-1348 | The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | Symfony | N/A | ||
2012-12-27 | CVE-2012-6432 | Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | Symfony | N/A | ||
2012-12-27 | CVE-2012-6431 | Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | Symfony | N/A | ||
2012-12-18 | CVE-2012-5574 | lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | Symfony | N/A | ||
2012-06-07 | CVE-2012-2667 | Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | Symfony | N/A |