Symfony Framework-Bundle vulnerabilities

3 known vulnerabilities affecting symfony/framework-bundle.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2014-4931 | HIGH | ≥ 2.0.0, < 2.3.18; ≥ 2.4.0, < 2.4.8; +1 more | 2024-05-30
CVE-2014-4931 [HIGH] CWE-94: Code injection in the way Symfony implements translation caching in FrameworkBundle. When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if y
ghsa, osv
CVE-2022-23601 | HIGH | ≥ 5.3.14, < 5.3.15; ≥ 5.4.3, < 5.4.4; +1 more | 2022-02-01
CVE-2022-23601 [HIGH] CWE-352: CSRF token missing in Symfony. Description: The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled.
ghsa, osv
CVE-2019-10909 | MEDIUM | ≥ 2.7.0, < 2.7.51; ≥ 2.8.0, < 2.8.50; +3 more | 2019-11-12
CVE-2019-10909 [MEDIUM] CWE-79: Symfony Cross-site Scripting (XSS) vulnerability. In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
ghsa, osv