CVE-2018-11408
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-11408
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11408.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-11408
- Aliases
- Related
- Published
- 2018-06-13T16:29:01Z
- Modified
- 2024-09-18T01:00:22Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
- References
-
- https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
- https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
- https://security-tracker.debian.org/tracker/CVE-2018-11408
Affected packages
Debian:11 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:12 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:13 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source