CVE-2019-18887
EUVD-2022-151521.11.2019, 23:15
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sensiolabs | symfony | 2.8.0 ≤ 𝑥 ≤ 2.8.50 |
| sensiolabs | symfony | 3.4.0 ≤ 𝑥 ≤ 3.4.34 |
| sensiolabs | symfony | 4.2.0 ≤ 𝑥 ≤ 4.2.11 |
| sensiolabs | symfony | 4.3.0 ≤ 𝑥 ≤ 4.3.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References