CVE-2015-2309Improper Input Validation in Http-foundation

CWE-20Improper Input Validation3 documents3 sources
Severity
MEDIUM
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symfony Http-foundationSymfony
Timeline
PublishedMay 30

Description

Symfony has unsafe methods in the Request class All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not maintained anymore. ### Description The Symfony\Component\HttpFoundation\Request class provides a mechanism that ensures it does not trust HTTP header values co

Affected Packages2 packages

Packagistsymfony/http-foundation2.0.02.3.27+2
Packagistsymfony/symfony2.0.02.3.27+2

🔴Vulnerability Details

2
GHSA
Symfony has unsafe methods in the Request class2024-05-30
OSV
Symfony has unsafe methods in the Request class2024-05-30

📋Vendor Advisories

1
Debian
CVE-2015-2309: symfony2015
CVE-2015-2309 — Improper Input Validation | cvebase