Open Redirect Vulnerability in Symfony Security Component

Open Redirect Vulnerability in Symfony Security Component

CVE-2018-11408 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.

Learn more about our Web Application Penetration Testing UK.