CVE-2018-11408
EUVD-2022-301513.06.2018, 16:29
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sensiolabs | symfony | 2.7.0 ≤ 𝑥 < 2.7.48 |
| sensiolabs | symfony | 2.8.0 ≤ 𝑥 < 2.8.41 |
| sensiolabs | symfony | 3.3.0 ≤ 𝑥 < 3.3.17 |
| sensiolabs | symfony | 3.4.0 ≤ 𝑥 < 3.4.11 |
| sensiolabs | symfony | 4.0.0 ≤ 𝑥 < 4.0.11 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References