UBUNTU-CVE-2019-10909

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-10909

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10909.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10909

Related

CVE-2019-10909

Published

2019-05-16T22:29:00Z

Modified

2024-10-15T14:06:48Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

References

Affected packages

Ubuntu:Pro:16.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.1+dfsg-1

2.7.5+dfsg-1

2.7.9+dfsg-1

2.7.9+dfsg-1ubuntu2

2.7.10-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.7+dfsg-1.3ubuntu1

3.*

3.4.3+dfsg-1ubuntu4

3.4.6+dfsg-1

3.4.6+dfsg-1ubuntu0.1

3.4.6+dfsg-1ubuntu0.1+esm1

3.4.6+dfsg-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}