CVE-2018-11408

Published: 13 June 2018

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.

Priority

Low

CVSS 3 base score: 6.1

Status

Package Release Status
symfony
Launchpad, Ubuntu, Debian
Upstream
Released (3.4.12+dfsg-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(3.4.15+dfsg-2ubuntu4)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(3.4.15+dfsg-2ubuntu4)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist