CVE-2015-4050 (Medium) detected in symfony/http-kernel-v3.1.9 #47

mend-bolt-for-github · 2021-03-15T01:55:18Z

CVE-2015-4050 - Medium Severity Vulnerability

Vulnerable Library - symfony/http-kernel-v3.1.9

The HttpKernel component provides a structured process for converting a Request into a Response.

Dependency Hierarchy:

laravel/framework-v5.3.29 (Root Library)
- ❌ symfony/http-kernel-v3.1.9 (Vulnerable Library)

Vulnerability Details

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

Publish Date: 2015-06-02

URL: CVE-2015-4050

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4050

Release Date: 2015-06-02

Fix Resolution: v2.3.29,v2.5.12,v2.6.8

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2015-4050 (Medium) detected in symfony/http-kernel-v3.1.9 #47

CVE-2015-4050 (Medium) detected in symfony/http-kernel-v3.1.9 #47

mend-bolt-for-github bot commented Mar 15, 2021

CVE-2015-4050 (Medium) detected in symfony/http-kernel-v3.1.9 #47

CVE-2015-4050 (Medium) detected in symfony/http-kernel-v3.1.9 #47

Comments

mend-bolt-for-github bot commented Mar 15, 2021

CVE-2015-4050 - Medium Severity Vulnerability