Critical severityNVD Advisory· Published May 23, 2019· Updated Aug 5, 2024
CVE-2017-11365
CVE-2017-11365
Description
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symfony/security-corePackagist | >= 2.7.30, < 2.7.32 | 2.7.32 |
symfony/security-corePackagist | >= 2.8.23, < 2.8.25 | 2.8.25 |
symfony/security-corePackagist | >= 3.2.10, < 3.2.12 | 3.2.12 |
symfony/security-corePackagist | >= 3.3.3, < 3.3.5 | 3.3.5 |
symfony/securityPackagist | >= 2.7.30, < 2.7.32 | 2.7.32 |
symfony/securityPackagist | >= 2.8.23, < 2.8.25 | 2.8.25 |
symfony/securityPackagist | >= 3.2.10, < 3.2.12 | 3.2.12 |
symfony/securityPackagist | >= 3.3.3, < 3.3.5 | 3.3.5 |
symfony/symfonyPackagist | >= 2.7.30, < 2.7.32 | 2.7.32 |
symfony/symfonyPackagist | >= 2.8.23, < 2.8.25 | 2.8.25 |
symfony/symfonyPackagist | >= 3.2.10, < 3.2.12 | 3.2.12 |
symfony/symfonyPackagist | >= 3.3.3, < 3.3.5 | 3.3.5 |
Affected products
4- Symfony/Symfonydescription
- ghsa-coords3 versions
>= 2.7.30, < 2.7.32+ 2 more
- (no CPE)range: >= 2.7.30, < 2.7.32
- (no CPE)range: >= 2.7.30, < 2.7.32
- (no CPE)range: >= 2.7.30, < 2.7.32
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-q87v-q8fw-gmj5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-11365ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yamlghsaWEB
- github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3fghsax_refsource_MISCWEB
- github.com/symfony/symfony/pull/23507ghsax_refsource_MISCWEB
- symfony.com/blog/cve-2017-11365-empty-passwords-validation-issueghsaWEB
- symfony.com/cve-2017-11365ghsaWEB
News mentions
0No linked articles in our index yet.