Open Redirect Affecting symfony/security-bundle package, versions <2.7.48; >=2.8.0, <2.8.41; >=3.0.0, <3.3.17; >=3.4.0, <3.4.11; >=4.0.0, <4.0.11
Threat Intelligence
EPSS: 0.35% (73rd percentile)
- Snyk ID SNYK-PHP-SYMFONYSECURITYBUNDLE-72191
- published 30 May 2018
- disclosed 30 May 2018
- credit Antal Aron
Introduced: 30 May 2018
CVE-2018-11408
How to fix?
Upgrade symfony/security-bundle to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.
Overview
symfony/security-bundle is a security component for Symfony.
Affected versions of this package are vulnerable to Open Redirect. This is due to an incomplete fix for CVE-2017-16652. There was an edge case when the security.http_utils service was inlined by the container.
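One way to check a project against the affected ranges listed above, as an added example that is not part of the advisory or of Symfony's code: it reads composer.lock content and compares the locked symfony/security-bundle version with each range. The sample lock file is constructed and the function names are hypothetical.

```python
import json
import re

# Affected ranges for symfony/security-bundle, copied from this advisory.
# Each entry: (first affected version, or None for no lower bound; first fixed version).
AFFECTED = [
    (None, (2, 7, 48)),
    ((2, 8, 0), (2, 8, 41)),
    ((3, 0, 0), (3, 3, 17)),
    ((3, 4, 0), (3, 4, 11)),
    ((4, 0, 0), (4, 0, 11)),
]
PACKAGE = "symfony/security-bundle"

# Constructed sample composer.lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/security-bundle", "version": "v3.4.10"},
        {"name": "symfony/http-foundation", "version": "v3.4.11"},
    ],
    "packages-dev": [],
})

def parse_version(text):
    """Return (major, minor, patch) for a stable release tag, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True or False for a stable version; None when it cannot be compared."""
    v = parse_version(version_text)
    if v is None:  # dev branches and RC/beta tags need a manual review
        return None
    return any((lo is None or v >= lo) and v < fixed for lo, fixed in AFFECTED)

def check_lock(lock_text):
    """Return (locked version, verdict) for the package, or None if not listed."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], is_affected(pkg["version"])
    return None

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of None from check_lock means the package has no entry of its own in the lock file, which also happens when the full-stack symfony/symfony package is installed and replaces it; review that case separately.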