Packagist (Composer) package
symfony/framework-bundle
pkg:composer/symfony/framework-bundle
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-4931 | high | — | | >= 2.0.0, < 2.3.18 | 2.3.18 | May 30, 2024 | When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony applica |
| CVE-2022-23601 | | — | | >= 5.3.14, < 5.3.15 | 5.3.15 | Feb 1, 2022 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the use |
| CVE-2019-10909 | | — | | >= 2.7.0, < 2.7.51 | 2.7.51 | May 16, 2019 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. |