Friendsofsymfony1 Symfony1 vulnerabilities
2 known vulnerabilities affecting friendsofsymfony1/symfony1.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2024-28861P2CRITICALCVSS 9.8≥ 1.1.0, < 1.5.9v>= 1.1.0, < 1.5.192024-03-22
CVE-2024-28861 [CRITICAL] CWE-502 CVE-2024-28861: Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects.
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user
ghsanvdosv
CVE-2024-28859P2CRITICALCVSS 9.0≥ 1.3.0, < 1.5.18v>= 1.3.0, < 1.5.182024-03-15
CVE-2024-28859 [CRITICAL] CWE-502 CVE-2024-28859: Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. This vulnerabi
ghsanvdosv