CVE-2020-25912

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25912

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25912.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25912

Published

2021-10-31T19:15:09.857Z

Modified

2026-04-10T04:25:19.051370Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).

References

Affected packages

Git / github.com/symphonycms/symphonycms

Affected ranges

Type

GIT

Repo

https://github.com/symphonycms/symphonycms

Events

Introduced

Last affected

68f44f0c36ad3345068676bfb8a61c2e6a2e51f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.10"
        }
    ]
}

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.4

2.0.7

2.0.7RC1

2.0.7RC2

2.0.7beta

2.1.2

2.2

2.2.2

2.2.3

2.2.4

2.2.5

2.3

2.3.1

2.3.1RC1

2.3.1RC2

2.3.1RC3

2.3.1beta1

2.3.1beta2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.2beta1

2.3.2beta2

2.3.3

2.3.3RC1

2.3.3RC2

2.3.3RC3

2.3.3beta1

2.3.3beta2

2.3.3beta3

2.3.4

2.3.4RC1

2.3.4beta1

2.3.4beta2

2.3.5

2.3.5RC1

2.3.5beta1

2.3.6

2.3RC2

2.3RC3

2.3RC4

2.3beta1

2.3beta2

2.3beta3

2.4

2.4RC1

2.4RC2

2.4beta1

2.4beta3

2.5.0

2.5.1

2.5.2

2.5.2-beta.1

2.5.2-rc.1

2.6.0

2.6.0-beta.1

2.6.0-beta.2

2.6.0-rc.1

2.6.1

2.6.10

2.6.11

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0.RC1

2.7.1

2.7.10

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

Other

rev5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25912.json"