CVE-2017-11365

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-11365

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11365.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-11365

Aliases

GHSA-q87v-q8fw-gmj5

Downstream

UBUNTU-CVE-2017-11365

Published

2019-05-23T18:29:00.373Z

Modified

2026-04-10T03:54:59.047142Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type

GIT

Repo

https://github.com/symfony/symfony

Events

Introduced

Last affected

90fa8a8b1a8a7a6e84e56ba50471f74f02f7be6e

Introduced

Last affected

bca31e4e3b6cfd8cef39ec04a253966cecf8f2ca

Introduced

Last affected

bc4a6030c67f8b9f4cb49bf519ad5355ffad55ee

Introduced

Last affected

098bb166d51cdf0b0541550d037bb3ad1f8fa846

Fixed

878198cefae028386c6dc800ccbf18f2b9cbff3f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.30"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.3"
        }
    ]
}

Affected versions

v2.*

v2.0.0

v2.0.0-RC1

v2.0.0-RC2

v2.0.0-RC3

v2.0.0-RC4

v2.0.0-RC5

v2.0.0-RC6

v2.0.0BETA1

v2.0.0BETA2

v2.0.0BETA3

v2.0.0BETA4

v2.0.0BETA5

v2.0.0PR8

v2.1.0

v2.1.0-BETA1

v2.1.0-BETA2

v2.1.0-BETA3

v2.1.0-BETA4

v2.1.0-RC1

v2.1.0-RC2

v2.2.0-BETA1

v2.2.0-BETA2

v2.3.0-BETA1

v2.3.0-BETA2

v2.4.0-BETA1

v2.4.0-BETA2

v2.5.0-BETA1

v2.5.0-BETA2

v2.6.0-BETA1

v2.7.0

v2.7.0-BETA1

v2.7.0-BETA2

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.17

v2.7.18

v2.7.19

v2.7.2

v2.7.20

v2.7.21

v2.7.22

v2.7.23

v2.7.24

v2.7.25

v2.7.26

v2.7.27

v2.7.28

v2.7.29

v2.7.3

v2.7.30

v2.7.31

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.0-BETA1

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.15

v2.8.16

v2.8.17

v2.8.18

v2.8.19

v2.8.2

v2.8.20

v2.8.21

v2.8.22

v2.8.23

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v3.*

v3.0.0

v3.0.0-BETA1

v3.2.0

v3.2.0-BETA1

v3.2.0-RC1

v3.2.0-RC2

v3.2.1

v3.2.10

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.0-BETA1

v3.3.0-RC1

v3.3.1

v3.3.2

v3.3.3

Other

vPR3

vPR4

vPR5

vPR6

vPR8

vPR9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11365.json"