Movatterモバイル変換

Skip to content

symfony/symfonyPublic

NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.1k

Security

SECURITY.md

Security Policy

DO NOT PUBLISH SECURITY REPORTS PUBLICLY.

If you found any issues that might have security implications,please send a report to security[at]symfony.com

The fullSecurity Policy is described in the official documentation.

Authentication Bypass via persisted RememberMe cookie
GHSA-cg23-qf8f-62rr publishedNov 13, 2024 bynicolas-grekas
High
Command execution hijack on Windows with Process class
GHSA-qq5c-677p-737q publishedNov 6, 2024 bynicolas-grekas
Low
Open redirect via browser-sanitized URLs
GHSA-mrqx-rp3w-jpjp publishedNov 6, 2024 bynicolas-grekas
Low
Incorrect response from Validator when input ends with `\n`
GHSA-g3rh-rrhp-jhh9 publishedNov 6, 2024 bynicolas-grekas
Low
Security::login does not take into account custom user_checker
GHSA-jxgr-3v7q-3w9v publishedNov 6, 2024 byfabpot
Low
Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
GHSA-9c3x-r3wp-mgxm publishedNov 6, 2024 byfabpot
Low
Ability to change environment from query
GHSA-x8vp-gf4q-mw5j publishedNov 6, 2024 byfabpot
High
Potential XSS in WebhookController
GHSA-72x2-5c85-6wmr publishedNov 10, 2023 bynicolas-grekas
Moderate
Potential XSS vulnerabilities in CodeExtension filters
GHSA-q847-2q57-wmr3 publishedNov 10, 2023 bynicolas-grekas
Low
Possible session fixation
GHSA-m2wj-r6g3-fxfx publishedNov 10, 2023 bynicolas-grekas
Moderate

Learn more about advisories related tosymfony/symfony in theGitHub Advisory Database

[8]ページ先頭

©2009-2025 Movatter.jp