CVE-2018-19790 — Open Redirect in Symfony
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 36.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 18
Latest updateMay 14
Description
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages5 packages
Also affects: Debian Linux 8.0, Fedora 28
Patches
🔴Vulnerability Details
4📋Vendor Advisories
1Debian▶
CVE-2018-19790: symfony - An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8...↗2018
💬Community
5Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [epel-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony4: php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony3: php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12