Symfony Open Redirect
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 7, 2024
Package
Affected versions
>= 2.7.0, < 2.7.48
>= 2.8.0, < 2.8.41
>= 3.3.0, < 3.3.17
>= 3.4.0, < 3.4.11
>= 4.0.0, < 4.0.11
Patched versions
2.7.48
2.8.41
3.3.17
3.4.11
4.0.11
>= 2.7.0, < 2.7.48
>= 2.8.0, < 2.8.41
>= 3.3.0, < 3.3.17
>= 3.4.0, < 3.4.11
>= 4.0.0, < 4.0.11
2.7.48
2.8.41
3.3.17
3.4.11
4.0.11
Description
Published by the National Vulnerability Database
Jun 13, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 24, 2023
Last updated
Feb 7, 2024
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
References