CVE-2019-10909

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10909

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10909.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10909

Aliases

GHSA-g996-q5r8-w7g2

Related

Published

2019-05-16T22:29:00Z

Modified

2024-09-18T03:02:43.105665Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

References

Affected packages

Debian:11 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.22+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.22+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.22+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

b73ab73d39dca97a12513e8a9e4f4da4b0676f5f

Fixed

c5bc3922f27c93ab3669428a504212adb801400f

Type: GIT
Repo: https://github.com/symfony/security-http
Events: Introduced

34e089af7d363bd2ded8ad15f06b2b97348b97e5

Fixed

ff2189e9921e4a88c4f621fa44444fe2b4fb1b11

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2

Affected versions

8.*

8.5.0

8.5.1

8.5.10

8.5.11

8.5.12

8.5.13

8.5.14

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.5.9

v2.*

v2.0.0

v2.0.0-RC1

v2.0.0-RC2

v2.0.0-RC3

v2.0.0-RC4

v2.0.0-RC5

v2.0.0-RC6

v2.0.0BETA1

v2.0.0BETA2

v2.0.0BETA3

v2.0.0BETA4

v2.0.0BETA5

v2.0.0PR8

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.0-BETA1

v2.1.0-BETA2

v2.1.0-BETA3

v2.1.0-BETA4

v2.1.0-RC1

v2.1.0-RC2

v2.1.1

v2.1.10

v2.1.11

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.0-BETA1

v2.2.0-BETA2

v2.2.0-RC1

v2.2.0-RC2

v2.2.0-RC3

v2.2.1

v2.2.10

v2.2.11

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.0-BETA1

v2.3.0-BETA2

v2.3.0-RC1

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.15

v2.3.16

v2.3.17

v2.3.18

v2.3.19

v2.3.2

v2.3.20

v2.3.21

v2.3.22

v2.3.23

v2.3.24

v2.3.25

v2.3.26

v2.3.27

v2.3.28

v2.3.29

v2.3.3

v2.3.30

v2.3.31

v2.3.32

v2.3.33

v2.3.34

v2.3.35

v2.3.36

v2.3.37

v2.3.38

v2.3.39

v2.3.4

v2.3.40

v2.3.41

v2.3.42

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.0

v2.4.0-BETA1

v2.4.0-BETA2

v2.4.0-RC1

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5.0

v2.5.0-BETA1

v2.5.0-BETA2

v2.5.0-RC1

v2.5.1

v2.5.10

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.0-BETA1

v2.6.0-BETA2

v2.6.1

v2.6.10

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.0-BETA1

v2.7.0-BETA2

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.17

v2.7.18

v2.7.19

v2.7.2

v2.7.20

v2.7.21

v2.7.22

v2.7.23

v2.7.24

v2.7.25

v2.7.26

v2.7.27

v2.7.28

v2.7.29

v2.7.3

v2.7.30

v2.7.31

v2.7.32

v2.7.33

v2.7.34

v2.7.35

v2.7.36

v2.7.37

v2.7.38

v2.7.39

v2.7.4

v2.7.40

v2.7.41

v2.7.42

v2.7.43

v2.7.44

v2.7.45

v2.7.46

v2.7.47

v2.7.48

v2.7.49

v2.7.5

v2.7.50

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.0-BETA1

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.15

v2.8.16

v2.8.17

v2.8.18

v2.8.19

v2.8.2

v2.8.20

v2.8.21

v2.8.22

v2.8.23

v2.8.24

v2.8.25

v2.8.26

v2.8.27

v2.8.28

v2.8.29

v2.8.3

v2.8.30

v2.8.31

v2.8.32

v2.8.33

v2.8.34

v2.8.35

v2.8.36

v2.8.37

v2.8.38

v2.8.39

v2.8.4

v2.8.40

v2.8.41

v2.8.42

v2.8.43

v2.8.44

v2.8.45

v2.8.46

v2.8.47

v2.8.48

v2.8.49

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v3.*

v3.0.0

v3.0.0-BETA1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.1.0

v3.1.0-BETA1

v3.1.0-RC1

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.0

v3.2.0-BETA1

v3.2.0-RC1

v3.2.0-RC2

v3.2.1

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.0-BETA1

v3.3.0-RC1

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.14

v3.3.15

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.0-BETA1

v3.4.0-BETA2

v3.4.0-BETA3

v3.4.0-BETA4

v3.4.0-RC1

v3.4.0-RC2

v3.4.1

v3.4.10

v3.4.11

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.4.16

v3.4.17

v3.4.18

v3.4.19

v3.4.2

v3.4.20

v3.4.21

v3.4.22

v3.4.23

v3.4.24

v3.4.25

v3.4.26

v3.4.27

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v4.*

v4.1.10

v4.1.11

v4.1.9

v4.2.0

v4.2.0-BETA2

v4.2.0-RC1

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

Other

vPR10

vPR11

vPR12

vPR3

vPR4

vPR5

vPR6

vPR8

vPR9