Exposure of Symfony

Web frameworks

Exposure score: 15
Sites use: 9,510
Exploited: 0
Critical: 0

CVEs

24 results
CVE | Severity | Title | EPSS
CVE-2024-50340 | HIGH | Ability to change environment from query in symfony/runtime | 63.4%
CVE-2020-15094 | HIGH | RCE in Symfony | 3.0%
CVE-2021-21424 | MEDIUM | Prevent user enumeration using Guard or the new Authenticator-based Security | 1.7%
CVE-2021-32693 | MEDIUM | Authentication granted with multiple firewalls | 1.4%
CVE-2021-41270 | MEDIUM | CSV Injection in Symfony | 1.4%
CVE-2025-64500 | HIGH | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | 1.3%
CVE-2020-5255 | LOW | Prevent cache poisoning via a Response Content-Type header | 1.3%
CVE-2021-41268 | MEDIUM | Cookie persistence in Symfony | 1.3%
CVE-2021-41267 | MEDIUM | Webcache Poisoning in Symfony | 1.2%
CVE-2020-5274 | MEDIUM | Exceptions displayed in non-debug configurations in Symfony | 1.2%
CVE-2020-5275 | HIGH | Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http | 1.1%
CVE-2022-24895 | MEDIUM | Symfony vulnerable to Session Fixation of CSRF tokens | 0.8%
CVE-2022-24894 | MEDIUM | Symfony storing cookie headers in HttpCache | 0.8%
CVE-2023-46733 | MEDIUM | Symfony possible session fixation vulnerability | 0.7%
CVE-2023-46734 | MEDIUM | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | 0.7%
CVE-2024-51996 | HIGH | Symphony has an Authentication Bypass via RememberMe | 0.6%
CVE-2023-46735 | MEDIUM | Symfony potential Cross-site Scripting in WebhookController | 0.6%
CVE-2022-23601 | HIGH | CSRF token missing in Symfony | 0.6%
CVE-2024-50345 | LOW | Open redirect via browser-sanitized URLs in symfony/http-foundation | 0.6%
CVE-2024-50342 | LOW | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | 0.5%
