DEBIAN-CVE-2018-14774
- Source
- https://security-tracker.debian.org/tracker/CVE-2018-14774
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-14774.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-14774
- Upstream
- Published
- 2018-08-03T17:29:00.347Z
- Modified
- 2025-11-19T01:03:14.746913Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
- References
Affected packages
Debian:11 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:12 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:13 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:14 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source