ReportizFlow
Filtered by vendor Symfony
Subscriptions
Filtered by product Symfony
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36611 | 1 Symfony | 1 Symfony | 2024-12-04 | 7.5 High |
| In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report. | ||||
| CVE-2024-51736 | 1 Symfony | 1 Symfony | 2024-11-22 | 0 Low |
| Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
Page 1 of 1.