| CVE-2015-2308 |
medium |
— |
6.8 |
|
|
|
11y ago |
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP … |
| CVE-2026-45075 |
medium |
— |
5.5 |
|
|
|
15d ago |
Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |
| CVE-2015-4050 |
medium |
— |
4.3 |
|
|
|
11y ago |
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if … |
| CVE-2014-5245 |
unknown |
— |
— |
|
|
|
2y ago |
Symfony allows direct access of ESI URLs behind a trusted proxy |
| CVE-2022-24894 |
unknown |
— |
— |
|
|
|
3y ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: It caches entire responses (including headers… |
| CVE-2019-18887 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h… |
| CVE-2021-41267 |
unknown |
— |
— |
|
|
|
5y ago |
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers"… |
| CVE-2020-15094 |
unknown |
— |
— |
|
|
|
6y ago |
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X… |