Search CVE reports
101 – 110 of 42760 results
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted URL-bearing attributes on...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting characters but not percent-encoded...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature as algo=signature and passed...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUBNETS omitted IPv6 transition...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-supplied _failure_path...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used because...
1 affected package
puma
| Package | 20.04 LTS |
|---|---|
| puma | Needs evaluation |
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for CRLF to determine whether a...
1 affected package
puma
| Package | 20.04 LTS |
|---|---|
| puma | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook secret but ignored the...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true before loadXML(),...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |