vulnerability
Debian: CVE-2019-10909: symfony -- security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | May 7, 2019 | May 7, 2019 | Aug 7, 2020 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
May 7, 2019
Added
May 7, 2019
Modified
Aug 7, 2020
Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Solution
debian-upgrade-symfony

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.