symfony/http-foundation Security Advisories for 2.0.4 (10)
-
[LOW] CVE-2024-50345: Open redirect via browser-sanitized URLs
PKSA-b35n-565h-rs4q CVE-2024-50345 GHSA-mrqx-rp3w-jpjp
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
PKSA-9w98-4rwq-spxr CVE-2019-18888 GHSA-xhh6-956q-4q69
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2018-14773: Remove support for legacy and risky HTTP headers
PKSA-nqj4-v43p-2gxc CVE-2018-14773 GHSA-8wgj-6wx8-h5hq
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.49|>=2.8.0,<2.8.44|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.18|>=3.4.0,<3.4.14|>=4.0.0,<4.0.14|>=4.1.0,<4.1.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2018-11386: Denial of service when using PDOSessionHandler
PKSA-f8b8-pbjy-s9k8 CVE-2018-11386 GHSA-r2rq-3h56-fqm4
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Unsafe methods in the Request class
PKSA-md26-zdw9-222r CVE-2015-2309 GHSA-p684-f7fh-jv2j
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Security issue when parsing the Authorization header
PKSA-dr6c-z2rf-wh36 CVE-2014-6061 GHSA-h7v2-2qwg-h829
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of service with a malicious HTTP Host header
PKSA-rhzp-d9k8-shyq CVE-2014-5244 GHSA-v77v-x634-9m56
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Request::getHost() poisoning
PKSA-tf6z-kynr-311v CVE-2013-4752 GHSA-22pv-7v9j-hqxp
Affected version: >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Request::getClientIp() when the trust proxy mode is enabled
PKSA-hd3k-4852-jhv2 GHSA-vfm6-r2gc-pwww
Affected version: >=2.0.0,<2.0.19|>=2.1.0,<2.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Routes behind a firewall are accessible even when not logged in
PKSA-msdq-r83n-tdy4 CVE-2012-6431 GHSA-83c3-qx27-2rwr
Affected version: >=2.0.0,<2.0.19
Reported by:
GitHub, FriendsOfPHP/security-advisories