Vulnerability & Exploit Database

Debian: CVE-2017-16652: symfony -- security update

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: June 13, 2018
Added: February 25, 2019
Modified: February 25, 2019

Description

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This open redirect vulnerability can be exploited, for example, to mount effective phishing attacks.
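
The missing check described above, sketched as an added example: this is not Symfony's code or its patch. The function name is_safe_target_path, the host app.example.test and the sample values are constructed for illustration, and the helper covers only paths and URLs.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Symfony code): decide whether a user-supplied
// _target_path value may be used as a post-login redirect target.
function is_safe_target_path(string $target, string $appHost): bool
{
    // Reject empty values and anything with control characters or spaces,
    // which browsers may strip and so change how the URL is parsed.
    if ($target === '' || preg_match('/[\x00-\x20\x7f]/', $target) === 1) {
        return false;
    }
    // Browsers treat "\" like "/" in URLs, so normalise before checking.
    $normalised = str_replace('\\', '/', $target);

    // Local path: exactly one leading slash. A value starting with "//"
    // is scheme-relative and would leave the site.
    if ($normalised[0] === '/') {
        return substr($normalised, 0, 2) !== '//';
    }

    // Anything else must be an absolute http(s) URL on our own host,
    // without embedded credentials (user@host).
    $parts = parse_url($normalised);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strcasecmp($parts['host'], $appHost) === 0;
}

// Constructed sample values for _target_path.
$samples = [
    '/account/settings',
    'https://app.example.test/inbox',
    'https://other.example.net/login',
    '//other.example.net/login',
    '/\\other.example.net/login',
    'https://app.example.test@other.example.net/',
];
foreach ($samples as $value) {
    $verdict = is_safe_target_path($value, 'app.example.test') ? 'allow' : 'reject';
    printf("%-46s %s\n", $value, $verdict);
}
```

Only the first two sample values are allowed; a rejected value should fall back to a fixed default path instead of being used in the redirect.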

Solution

debian-upgrade-symfony