HTTP Host Header Poisoning Affecting symfony/symfony package, versions >=2.3.0, <2.3.3>=2.1.0, <2.1.12>=2.2.0, <2.2.5>=2, <2.0.24


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.64% (80th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-SYMFONYSYMFONY-70208
  • published17 Aug 2013
  • disclosed17 Aug 2013
  • creditJordan Alliot

Introduced: 17 Aug 2013

CVE-2013-4752  (opens in a new tab)
CWE-74  (opens in a new tab)

How to fix?

Upgrade symfony/symfony to version 2.3.3, 2.1.12, 2.2.5, 2.0.24 or higher.

Overview

Affected versions of symfony/symfony are vulnerable to HTTP Host Header Poisoning.

CVSS Scores

version 3.1