| CVE-2012-6431 |
medium |
— |
6.4 |
|
|
|
14y ago |
Symfony Allows URI Restrictions Bypass Via Double-Encoded String |
| CVE-2018-14773 |
medium |
— |
5.5 |
|
|
|
4y ago |
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … |
| CVE-2026-48736 |
unknown |
— |
— |
|
|
|
9d ago |
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient |
| CVE-2025-64500 |
unknown |
— |
— |
|
|
|
7mo ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Start… |
| CVE-2024-50345 |
unknown |
— |
— |
|
|
|
2y ago |
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters t… |
| CVE-2015-2309 |
unknown |
— |
— |
|
|
|
2y ago |
Symfony has unsafe methods in the Request class |
| CVE-2014-6061 |
unknown |
— |
— |
|
|
|
2y ago |
Symfony has a security issue when parsing the Authorization header |
| CVE-2014-5244 |
unknown |
— |
— |
|
|
|
2y ago |
Symfony vulnerable to denial of service via a malicious HTTP Host header |
| CVE-2018-11386 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… |
| CVE-2013-4752 |
unknown |
— |
— |
|
|
|
4y ago |
Symfony Host Header Injection vulnerability in the HttpFoundation component |
| CVE-2020-5255 |
unknown |
— |
— |
|
|
|
6y ago |
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r… |
| CVE-2019-10913 |
unknown |
— |
— |
|
|
|
7y ago |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted inpu… |
| CVE-2019-18888 |
unknown |
— |
— |
|
|
|
7y ago |
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM… |
